├── .dir-locals.el ├── .githooks ├── post-merge-checkout └── pre-commit ├── .gitignore ├── .gitmodules ├── CMakeLists.txt ├── README.md ├── Write ├── extract.sh ├── gdb.sh ├── inject.sh ├── reload.sh ├── setuphooks.sh └── src ├── Interfaces.cpp ├── Interfaces.h ├── Main.cpp ├── Netvars.cpp ├── Netvars.h ├── Signatures.h ├── features ├── Aimbot.cpp ├── Aimbot.h ├── Bhop.cpp ├── Bhop.h ├── DumbExploits.cpp ├── DumbExploits.h ├── Glow.cpp └── Glow.h ├── globals.h ├── sdk ├── BaseStruct.h ├── CBaseEntity.h ├── CClientState.h ├── CGlobalVars.h ├── CInput.h ├── ClientClass.h ├── Definitions.h ├── OffPtr.h ├── QAngle.h ├── UtlMemory.h ├── Vector.h └── bf_write.h └── utils ├── Handles.cpp ├── InputSystem.cpp ├── InputSystem.h ├── Logger.cpp ├── Logger.h ├── Math.h ├── Memutils.cpp ├── Memutils.h ├── Wrappers.h └── minitrace.h /.dir-locals.el: -------------------------------------------------------------------------------- 1 | ((nil . ((indent-tabs-mode . nil)))) 2 | -------------------------------------------------------------------------------- /.githooks/post-merge-checkout: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Check if any submodule has been updated in HEAD after a merge (or 4 | # pull) or a branch checkout. If so, ask if user wants to run 5 | # git-submodule update. 6 | # --Chaitanya Gupta 7 | 8 | SCRIPT_NAME=$(basename "$0") 9 | 10 | # If run as a post-checkout script hook, and the previous and current 11 | # HEAD are the same or if its a file checkout, don't proceed 12 | if [[ "$SCRIPT_NAME" = "post-checkout" && "$1" = "$2" || "$3" = "0" ]]; then 13 | exit 0 14 | fi 15 | 16 | echo "Checking for new or changed submodules..." 17 | 18 | # Jump to the current project's root directory (the one containing 19 | # .git/) 20 | ROOT_DIR=$(git rev-parse --show-cdup) 21 | 22 | # Finding existing submodules that have been modified 23 | SUBMODULES=$(grep path ${ROOT_DIR}.gitmodules | sed 's/^.*path = //') 24 | MOD_SUBMODULES=$(git diff --name-only --ignore-submodules=dirty | grep -F "$SUBMODULES") 25 | 26 | # Find new submodules 27 | NEW_SUBMODULES=$(git submodule status | egrep '^-' | cut -f2 -d' ') 28 | 29 | # If no changed submodules, exit with status code 0, else prompt the 30 | # user and exit accordingly 31 | if [[ -n "$MOD_SUBMODULES" || -n "$NEW_SUBMODULES" ]]; then 32 | echo "The following submodules have been updated in HEAD:" 33 | if [[ -n "$MOD_SUBMODULES" ]]; then 34 | echo "$MOD_SUBMODULES" 35 | fi 36 | if [[ -n "$NEW_SUBMODULES" ]]; then 37 | echo "$NEW_SUBMODULES" 38 | fi 39 | 40 | echo -n "Update submodules? [n] " 41 | read -n 1 reply ...\" to unstage)" 27 | echo 28 | 29 | for SUB in $MOD_SUBMODULES 30 | do 31 | echo -e "\t${green}modified:\t$SUB${no_color}" 32 | done 33 | echo 34 | echo -n -e "Continue with commit? ${grey}[N|y]${no_color} " 35 | read -n 1 reply Read(interfaceList); 27 | interface && interface != (uintptr_t)process->Read( interface + OFFSET_OF(&InterfaceReg::m_pNext) ); 28 | interface = (uintptr_t)process->Read( interface + OFFSET_OF(&InterfaceReg::m_pNext) ) 29 | ){ 30 | Logger::Log("Interface: %p - ", (void*)interface); 31 | VMemRead( &process->ctx->process, process->proc.dirBase, (uint64_t)buffer, process->Read(interface + OFFSET_OF(&InterfaceReg::m_pName)), 256 ); 32 | Logger::Log("InterfaceName : %s\n", buffer); 33 | } 34 | 35 | return true; 36 | } 37 | -------------------------------------------------------------------------------- /src/Interfaces.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include "vmread/hlapi/hlapi.h" 3 | 4 | namespace Interfaces 5 | { 6 | bool FindInterfaces( const char *moduleName ); 7 | } 8 | -------------------------------------------------------------------------------- /src/Main.cpp: -------------------------------------------------------------------------------- 1 | #include "vmread/hlapi/hlapi.h" 2 | #include "utils/Logger.h" 3 | #include "Interfaces.h" 4 | #include "Netvars.h" 5 | #include "utils/Memutils.h" 6 | #include "features/Aimbot.h" 7 | #include "features/Bhop.h" 8 | #include "features/Glow.h" 9 | #include "features/DumbExploits.h" 10 | #include "sdk/CBaseEntity.h" 11 | #include "sdk/CGlobalVars.h" 12 | #include "utils/Memutils.h" 13 | #include "globals.h" 14 | #include "utils/Wrappers.h" 15 | #include "utils/minitrace.h" 16 | #include "utils/InputSystem.h" 17 | 18 | #include "m0dular/utils/threading.h" 19 | #include "m0dular/utils/pattern_scan.h" 20 | 21 | #include //getpid 22 | #include 23 | #include 24 | #include 25 | #include 26 | #include 27 | #include 28 | #include 29 | //#include 30 | 31 | //#define USE_EAC_LAUNCHER 32 | 33 | #ifdef USE_EAC_LAUNCHER 34 | #define PROCNAME "EasyAntiCheat_" 35 | #define MODNAME "EasyAntiCheat_launcher.exe" 36 | #else 37 | #define PROCNAME "r5apex.exe" 38 | #define MODNAME "R5Apex.exe" 39 | #endif 40 | 41 | #include "Signatures.h" 42 | 43 | static thread_t mainThread; 44 | static thread_t inputSystemThread; 45 | 46 | #if (LMODE() == MODE_EXTERNAL()) 47 | 48 | int main() { 49 | while (running) { 50 | char c = (char) getchar(); 51 | 52 | if (c == 'Q') 53 | break; 54 | } 55 | 56 | return 0; 57 | } 58 | 59 | #endif 60 | 61 | typedef std::chrono::high_resolution_clock Clock; 62 | 63 | static bool sigscanFailed = false; 64 | 65 | static void *ThreadSignature(const Signature *sig) { 66 | MTR_SCOPED_TRACE("Initialization", "ThreadedSignature"); 67 | 68 | *sig->result = PatternScan::FindPattern(sig->pattern, sig->module); 69 | 70 | if (!*sig->result) { 71 | Logger::Log("Failed to find pattern {%s}\n", sig->pattern); 72 | sigscanFailed = true; 73 | } 74 | 75 | return nullptr; 76 | } 77 | 78 | 79 | static void *MainThread(void *) { 80 | Logger::Log("Main Loaded.\n"); 81 | pid_t pid; 82 | 83 | #if (LMODE() == MODE_EXTERNAL()) 84 | FILE *pipe = popen("pidof qemu-system-x86_64", "r"); 85 | fscanf(pipe, "%d", &pid); 86 | pclose(pipe); 87 | #else 88 | pid = getpid(); 89 | #endif 90 | 91 | #ifdef MTR_ENABLED 92 | Logger::Log("Initialize performance tracing...\n"); 93 | mtr_init("/tmp/ape-ex-trace.json"); 94 | MTR_META_PROCESS_NAME("Ape-ex"); 95 | #endif 96 | 97 | Threading::InitThreads(); 98 | 99 | try { 100 | Logger::Log("doing shit\n"); 101 | MTR_BEGIN("Initialization", "InitCTX"); 102 | WinContext ctx(pid); 103 | MTR_END("Initialization", "InitCTX"); 104 | 105 | MTR_BEGIN("Initialization", "FindProcesses"); 106 | ctx.processList.Refresh(); 107 | for (auto &i : ctx.processList) { 108 | if (!strcasecmp(PROCNAME, i.proc.name)) { 109 | Logger::Log("\nFound Apex Process %s(PID:%ld)", i.proc.name, i.proc.pid); 110 | PEB peb = i.GetPeb(); 111 | short magic = i.Read(peb.ImageBaseAddress); 112 | uintptr_t translatedBase = VTranslate(&i.ctx->process, i.proc.dirBase, peb.ImageBaseAddress); 113 | Logger::Log("\tWinBase:\t%p\tBase:\t%p\tQemuBase:\t%p\tMagic:\t%hx (valid: %hhx)\n", (void *) peb.ImageBaseAddress, (void *) i.proc.process, 114 | (void *) translatedBase, 115 | magic, (char) (magic == IMAGE_DOS_SIGNATURE)); 116 | process = &i; 117 | 118 | for (auto &o : i.modules) { 119 | if (!strcasecmp(MODNAME, o.info.name)) { 120 | apexBase = o.info.baseAddress; 121 | for (auto &u : o.exports) 122 | Logger::Log("\t\t%lx\t%s\n", u.address, u.name); 123 | } 124 | } 125 | 126 | } 127 | } 128 | MTR_END("Initialization", "FindProcesses"); 129 | 130 | if (!process) { 131 | Logger::Log("Could not Find Apex Process/Base. Exiting...\n"); 132 | goto quit; 133 | } 134 | 135 | auto t1 = Clock::now(); 136 | 137 | MTR_BEGIN("Initialization", "FindOffsets"); 138 | Threading::QueueJobRef(Interfaces::FindInterfaces, MODNAME); 139 | Threading::QueueJobRef(Netvars::CacheNetvars, MODNAME); 140 | //Netvars::PrintNetvars(*process, MODNAME); 141 | 142 | for (const Signature &sig : signatures) 143 | Threading::QueueJobRef(ThreadSignature, &sig); 144 | 145 | Threading::FinishQueue(true); 146 | MTR_END("Initialization", "FindOffsets"); 147 | 148 | if (sigscanFailed) { 149 | Logger::Log("One of the sigs failed. Stopping.\n"); 150 | goto quit; 151 | } 152 | 153 | // Print some sig stuff - useful for reclass analysis etc 154 | Logger::Log("Localplayer: %p\n", (void *) GetLocalPlayer()); 155 | Logger::Log("LocalplayerPtr: %p\n", (void *) localPlayerPtr); 156 | Logger::Log("(Linux)Localplayer: %p\n", (void *) &localPlayer); 157 | Logger::Log("Entlist: %p\n", (void *) entList); 158 | Logger::Log("GlobalVars: %p\n", (void *) globalVarsAddr); 159 | Logger::Log("input: %p\n", (void *) inputAddr); 160 | Logger::Log("clientstate: %p\n", (void *) clientStateAddr); 161 | Logger::Log("forcejump: %p\n", (void *) forceJump); 162 | 163 | auto t2 = Clock::now(); 164 | printf("Initialization time: %lld ms\n", (long long) std::chrono::duration_cast(t2 - t1).count()); 165 | 166 | Logger::Log("Starting Main Loop.\n"); 167 | 168 | static int lastFrame = 0; 169 | static int lastTick = 0; 170 | static bool updateWrites = false; 171 | 172 | // these buffers wont get re-allocated, getting the address of em' here is fine. 173 | userCmdArr = process->Read(inputAddr + OFFSET_OF(&CInput::m_commands)); 174 | verifiedUserCmdArr = process->Read(inputAddr + OFFSET_OF(&CInput::m_verifiedCommands)); 175 | //goto quit; 176 | while (running) { 177 | globalVars = process->Read(globalVarsAddr); 178 | 179 | // read first 0x344 bytes of clientstate (next member we want after 0x344 is over 100k bytes away) 180 | VMemRead(&process->ctx->process, process->proc.dirBase, (uint64_t) &clientState, clientStateAddr, 0x344); 181 | netChan = process->Read((uint64_t) clientState.m_netChan); 182 | 183 | /* Per Tick Operations */ 184 | updateWrites = (globalVars.tickCount != lastTick || globalVars.framecount != lastFrame); 185 | // reset fakelag if we arent ingame 186 | /*if (clientState.m_signonState != SIGNONSTATE_INGAMEAPEX) 187 | process->Write(clientStateAddr + OFFSET_OF(&CClientState::m_nextCmdTime), 0.0);*/ 188 | 189 | if (updateWrites) { 190 | /* -=-=-=-=-=-=-=-=-= Tick Operations -=-=-=-=-=-=-=-=-=-=-= */ 191 | MTR_SCOPED_TRACE("MainLoop", "Tick"); 192 | 193 | int entityCount = process->Read(apexBase + 0x1adac1c); // TODO: fix and sig 194 | 195 | if (!entityCount || entityCount > 50000) { 196 | entityCount = 100; // hardcoded to 100 as item esp is disabled 197 | } 198 | InputSystem::InputSystem(); 199 | 200 | validEntities.clear(); 201 | 202 | for (int ent = 0; ent < entityCount; ent++) { 203 | uintptr_t entity = GetEntityById(ent); 204 | if (!entity) continue; 205 | 206 | bool isPlayer = IsPlayer(entity); 207 | 208 | if (!isPlayer) { 209 | if (!IsProp(entity)) continue; 210 | } 211 | 212 | validEntities.push_back(ent); 213 | entities[ent].Update(entity); 214 | entities[ent].SetPlayerState(isPlayer); 215 | } 216 | localPlayer.Update(GetLocalPlayer()); 217 | 218 | //Vector localPos = localPlayer.eyePos; 219 | //Logger::Log("Local eyepos: (%f/%f/%f)\n", localPos[0], localPos[1], localPos[2]); 220 | Exploits::Speedhack(); 221 | 222 | Aimbot::Aimbot(); 223 | Bhop::Bhop(localPlayer); 224 | Bhop::Strafe(); 225 | /*int32_t commandNr= process->Read(clientStateAddr + OFFSET_OF(&CClientState::m_lastUsedCommandNr)); 226 | int32_t targetCommand = (commandNr - 1) % 300; 227 | CUserCmd userCmd = process->Read(userCmdArr + targetCommand * sizeof(CUserCmd)); 228 | QAngle recoil = Aimbot::RecoilCompensation(); 229 | 230 | sway_history.insert({commandNr, recoil}); 231 | */ 232 | 233 | 234 | /* -=-=-=-=-=-=-=-=-= Frame Operations -=-=-=-=-=-=-=-=-=-=-= */ 235 | MTR_SCOPED_TRACE("MainLoop", "Frame"); 236 | 237 | Glow::Glow(); 238 | Exploits::ServerCrasher(); 239 | lastFrame = globalVars.framecount; 240 | 241 | /* -=-=-=-=-=-=-=-=-= Memory Operations -=-=-=-=-=-=-=-=-=-=-= */ 242 | 243 | MTR_SCOPED_TRACE("MainLoop", "WriteBack"); 244 | WriteList writeList(process); 245 | for (size_t i : validEntities) { 246 | if (!entities[i].GetPlayerState()) // Do not write item structs; race condition problem 247 | continue; 248 | 249 | entities[i].WriteBack(writeList); 250 | } 251 | 252 | localPlayer.WriteBack(writeList); 253 | 254 | writeList.Commit(); 255 | 256 | lastTick = globalVars.tickCount; 257 | } 258 | std::this_thread::sleep_for(std::chrono::microseconds(2000)); 259 | } 260 | 261 | // reset these values to properly reset after exiting the cheat 262 | //process->Write(clientStateAddr + OFFSET_OF(&CClientState::m_nextCmdTime), 0.0); 263 | //process->Write(timescale, 1.0f); // reset speedhack // reset speedhack 264 | 265 | Logger::Log("Main Loop Ended.\n"); 266 | } catch (VMException &e) { 267 | Logger::Log("Initialization error: %d\n", e.value); 268 | } 269 | 270 | quit: 271 | running = false; 272 | 273 | Threading::FinishQueue(true); 274 | Threading::EndThreads(); 275 | 276 | #ifdef MTR_ENABLED 277 | mtr_flush(); 278 | mtr_shutdown(); 279 | #endif 280 | 281 | Logger::Log("Main Ended.\n"); 282 | 283 | return nullptr; 284 | } 285 | 286 | static void __attribute__((constructor)) Startup() { 287 | //inputSystemThread = Threading::StartThread(InputSystem::InputSystem, nullptr, false); 288 | mainThread = Threading::StartThread(MainThread, nullptr, false); 289 | } 290 | 291 | static void __attribute__((destructor)) Shutdown() { 292 | Logger::Log("Unloading..."); 293 | 294 | running = false; 295 | 296 | //Threading::JoinThread(inputSystemThread, nullptr); 297 | Threading::JoinThread(mainThread, nullptr); 298 | 299 | Logger::Log("Done\n"); 300 | } 301 | -------------------------------------------------------------------------------- /src/Netvars.cpp: -------------------------------------------------------------------------------- 1 | #include "Netvars.h" 2 | #include "utils/Logger.h" 3 | #include "utils/Memutils.h" 4 | #include "sdk/ClientClass.h" 5 | #include "m0dular/utils/pattern_scan.h" 6 | #include "globals.h" 7 | 8 | bool Netvars::PrintNetvars( WinProcess &process, const char *moduleName ) { 9 | uintptr_t clientHeadAddr = PatternScan::FindPattern("[48 8B 1D *?? ?? ?? ??] 48 85 DB 74 32 48 8B F7", 10 | moduleName); // xref "ClientDLL_InitRecvTableMgr: overflowed" ; one jump above 11 | if( !clientHeadAddr ){ 12 | return false; 13 | } 14 | 15 | Logger::Log("Printing Netvars...\n"); 16 | uintptr_t recvTable; 17 | int32_t propNum; 18 | uint32_t offset; 19 | PropType propType; 20 | uintptr_t prop; 21 | char buffer[256]; 22 | 23 | for(uintptr_t cClass = (uintptr_t)process.Read(clientHeadAddr); 24 | cClass; 25 | cClass = (uintptr_t)process.Read( cClass + OFFSET_OF(&ClientClass::next) ) ){ 26 | 27 | VMemRead( &process.ctx->process, process.proc.dirBase, (uint64_t)buffer, process.Read( cClass + OFFSET_OF( &ClientClass::networkName ) ), 256 ); 28 | Logger::Log( "ClientClass: %p - Network Name: %s\n", (void*)cClass, buffer ); 29 | recvTable = (uintptr_t)process.Read( cClass + OFFSET_OF( &ClientClass::recvTable ) ); 30 | propNum = process.Read( recvTable + OFFSET_OF( &RecvTable::numOfProps ) ); 31 | Logger::Log("\tPropNum: %d\n", propNum); 32 | 33 | for( int i = 0; i < propNum; i++ ){ 34 | prop = process.Read(process.Read( recvTable + OFFSET_OF( &RecvTable::pProps ) ) + (i * sizeof(uintptr_t) )); 35 | propType = process.Read( prop + OFFSET_OF( &RecvProp::dataType ) ); 36 | offset = process.Read( prop + OFFSET_OF( &RecvProp::offset ) ); 37 | VMemRead( &process.ctx->process, process.proc.dirBase, (uint64_t)buffer, process.Read( prop + OFFSET_OF( &RecvProp::name ) ), 256 ); 38 | Logger::Log("\tProp: %s(%s) - @%x\n", buffer, PropType2String( propType ), offset ); 39 | } 40 | 41 | } 42 | 43 | return true; 44 | } 45 | 46 | void Netvars::CacheNetvars( const char *moduleName ) { 47 | //uintptr_t clientHeadAddr = PatternScan::FindPattern("[48 8B 1D *?? ?? ?? ??] 48 8B AC 24", moduleName); 48 | //uintptr_t clientHeadAddr = PatternScan::FindPattern("[48 8B 1D *?? ?? ?? ??] 48 85 DB 74 32 48 8B", moduleName); // xref "ClientDLL_InitRecvTableMgr: overflowed" ; one jump above 49 | uintptr_t clientHeadAddr = PatternScan::FindPattern("[48 8B 1D *?? ?? ?? ??] 48 85 DB 74 32 48 8B F7", 50 | moduleName); // xref "ClientDLL_InitRecvTableMgr: overflowed" ; one jump above 51 | if( !clientHeadAddr ){ 52 | Logger::Log("Failed to get clientHeadAddr\n"); 53 | return; 54 | } else { 55 | Logger::Log("Clienthead @ %p\n", (void*)clientHeadAddr); 56 | } 57 | uintptr_t recvTable; 58 | int32_t propNum; 59 | uint32_t offset; 60 | PropType propType; 61 | uintptr_t prop; 62 | char className[256]; 63 | char propName[256]; 64 | 65 | for(uintptr_t cClass = (uintptr_t)process->Read(clientHeadAddr); 66 | cClass; 67 | cClass = (uintptr_t)process->Read( cClass + OFFSET_OF(&ClientClass::next) ) ){ 68 | 69 | VMemRead( &process->ctx->process, process->proc.dirBase, (uint64_t)className, process->Read( cClass + OFFSET_OF( &ClientClass::networkName ) ), 256 ); 70 | recvTable = (uintptr_t)process->Read( cClass + OFFSET_OF( &ClientClass::recvTable ) ); 71 | propNum = process->Read( recvTable + OFFSET_OF( &RecvTable::numOfProps ) ); 72 | 73 | for( int i = 0; i < propNum; i++ ){ 74 | prop = process->Read(process->Read( recvTable + OFFSET_OF( &RecvTable::pProps ) ) + (i * sizeof(uintptr_t) )); 75 | offset = process->Read( prop + OFFSET_OF( &RecvProp::offset ) ); 76 | VMemRead( &process->ctx->process, process->proc.dirBase, (uint64_t)propName, process->Read( prop + OFFSET_OF( &RecvProp::name ) ), 256 ); 77 | netvars[className][propName] = offset; 78 | } 79 | } 80 | Logger::Log("Netvars Cached.\n"); 81 | } -------------------------------------------------------------------------------- /src/Netvars.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include "vmread/hlapi/hlapi.h" 3 | 4 | #include 5 | 6 | namespace Netvars 7 | { 8 | bool PrintNetvars( WinProcess &process, const char *moduleName ); 9 | void CacheNetvars( const char *moduleName ); 10 | 11 | inline std::unordered_map> netvars; 12 | } 13 | 14 | -------------------------------------------------------------------------------- /src/Signatures.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | struct Signature 4 | { 5 | uintptr_t* result; 6 | const char* module; 7 | const char* pattern; 8 | 9 | template 10 | Signature(T& ref, const char* p, const char* m) 11 | : result((uintptr_t*)&ref), module(m), pattern(p) {} 12 | }; 13 | 14 | inline const Signature signatures[] = { 15 | // Xref "Script_GetTitan" it should look like a cvar register, go into function right under string, then the 2nd function in that 16 | Signature(entList, "[48 8D 05 *?? ?? ?? ??] 44 2B", MODNAME), // 48 8D 05 ? ? ? ? 44 2B 17 | //Signature(localPlayerId, "[48 8D 15 ?? ?? ?? ??] 33 FF 49 8B D0", MODNAME), 18 | //Signature(localPlayerPtr, "[48 89 05 *?? ?? ?? ??] 48 85 C9 74 0D", MODNAME), 19 | Signature(globalVarsAddr, "F3 0F 59 CF E8 ?? ?? ?? ?? [48 8B 05 **?? ?? ?? ??] 48 85 C0 74", MODNAME), // xref for "VoiceCommVolume" - should be in same block at the bottom. 20 | Signature(inputAddr, "[48 8D 0D *?? ?? ?? ??] FF 90 ?? ?? ?? ?? FF 15 ?? ?? ?? ?? 3B", MODNAME), // xref for "OnRenderStart->CViewRender::SetUpView" - should be a few lines below that string 21 | Signature(clientStateAddr, "[48 8D 05 *?? ?? ?? ??] 48 03 C8 E8 ?? ?? ?? ?? E9", MODNAME), 22 | Signature(timescale, "[F3 0F 11 ?? *?? ?? ?? 01] F3 0F 10 ?? ?? ?? ?? 01 F3 0F 11 ?? ?? ?? ?? 01 44 89", MODNAME), 23 | Signature(forceJump, "[8b 0d *?? ?? ?? ??] c6 05 ?? ?? ?? ?? 00 f6 c1 03 75 ?? 80 3d ?? ?? ?? ?? 00 74 ?? 83 cb 02", MODNAME), 24 | }; -------------------------------------------------------------------------------- /src/features/Aimbot.cpp: -------------------------------------------------------------------------------- 1 | #include "Aimbot.h" 2 | #include "Glow.h" 3 | #include "../utils/Logger.h" 4 | 5 | #include "../utils/Math.h" 6 | #include "../utils/Wrappers.h" 7 | #include "../utils/minitrace.h" 8 | 9 | 10 | #define SMOOTH_TYPE 0 11 | #define SMOOTH_TYPE_FAST 0 12 | 13 | #define val 0.5f 14 | 15 | static void RecoilCompensation(const QAngle &viewAngle, QAngle &angle) { 16 | QAngle recoil = localPlayer.aimPunch; 17 | 18 | angle -= recoil; 19 | } 20 | 21 | float randFloat(float min, float max) { 22 | 23 | return min + static_cast (rand()) / (static_cast (RAND_MAX / (max - min))); 24 | } 25 | 26 | static void ApplyErrorToPoint(Vector *point, float margin = 5.0f) { // applying error to angle causes issues on long range 27 | Vector error; 28 | error->x = randFloat(-1, 1); 29 | error->y = randFloat(-1, 1); 30 | //error->z = randFloat(-1, 1); 31 | error *= margin; 32 | 33 | *point += error; 34 | } 35 | 36 | static void SwayCompensation(const QAngle &viewAngle, QAngle &angle) { 37 | QAngle dynamic = localPlayer.swayAngles; 38 | QAngle sway = dynamic - viewAngle; 39 | sway.Normalize(); 40 | 41 | angle -= sway; 42 | } 43 | 44 | static void SpreadCompensation(uintptr_t weapon) { // needs fix 45 | process->Write(weapon + 0x141c, -1.0f); 46 | process->Write(weapon + 0x1420, -1.0f); 47 | } 48 | 49 | void Smooth(QAngle &angle, QAngle &viewAngle) { 50 | float smooth = std::min(0.99f, val); 51 | 52 | QAngle delta = angle - viewAngle; 53 | delta.Normalize(); 54 | Math::Clamp(delta); 55 | 56 | if (delta.Length() < 0.1f) 57 | return; 58 | 59 | 60 | if (SMOOTH_TYPE == SMOOTH_TYPE_FAST) { 61 | float coefficient = (1.0f - smooth) / delta.Length() * 4.0f; 62 | coefficient = powf(coefficient, 2.0f) * 10.0f; 63 | coefficient = std::max(0.05f, coefficient); 64 | coefficient = std::min(1.0f, coefficient); 65 | 66 | delta.v = delta.v * coefficient; 67 | } else { 68 | delta.v = delta.v * (1.0f - smooth); 69 | if (delta.Length() < 2.0f) { 70 | delta.v = delta.v + (delta.v * delta.Length()); 71 | } 72 | } 73 | 74 | delta.Normalize(); 75 | angle = viewAngle + delta; 76 | } 77 | 78 | void VelocityPrediction(CBaseEntity *entity, uintptr_t weapon, float distance, float bulletVelocity, Vector &result) { 79 | // divided into two parts: charge rifle (no bullet drop) and other weapons (not done yet) 80 | Vector enemyVelocity = entity->velocity; 81 | 82 | float projectileGravityScale = process->Read(weapon + 0x1D34); 83 | 84 | float time = distance / bulletVelocity; 85 | if (time == INFINITY || time == NAN) { 86 | time = 0; 87 | } 88 | 89 | //Logger::Log("time: %f\n", time); 90 | if (time < globalVars.intervalPerTick) { 91 | //Logger::Log("setting to 0: %f\n", globalVars.intervalPerTick); 92 | time = 0.0f; 93 | } 94 | 95 | result->x += time * enemyVelocity->x; 96 | result->y += time * enemyVelocity->y; 97 | 98 | // v25 = (((*(weapon + 0x1C98) * *(gravity + 0x1A)) * 0.5) * (*(weapon + 0x1B2C) / *(weapon + 0x1C90))) / *(weapon + 0x1C90) 99 | //result->z += (enemyVelocity->z * time) + ((projectileGravityScale * 750.0f * 0.5 * powf(time, 2.0f)) / bulletVel); // Game prediction 100 | 101 | result->z += ((enemyVelocity->z * time) + ((projectileGravityScale * 750.0f) * 0.5 * powf(time, 2.0f))); 102 | result->z -= 1.0f; 103 | 104 | ApplyErrorToPoint(&result); // maybe apply error on relative head position? 105 | } 106 | 107 | void Aimbot::Aimbot() { 108 | static Vector prevPosition[101]; 109 | MTR_SCOPED_TRACE("Aimbot", "Run"); 110 | 111 | static int lastEntity = -1; 112 | static int lastEntityIndex = -1; 113 | static uintptr_t plastEntity = 0; 114 | if (!localPlayer) 115 | return; 116 | 117 | static int iterations = 0; 118 | 119 | if (!pressedKeys[KEY_LEFTALT] && clientState.m_signonState == SIGNONSTATE_INGAMEAPEX) { 120 | 121 | // if we cannot run aimbot and we arent speedhacking reset fakelag 122 | //if (!(pressedKeys & KEY_ALT)) 123 | //process->Write(clientStateAddr + OFFSET_OF(&CClientState::m_nextCmdTime), 0.0); 124 | iterations++; 125 | if (iterations > 5) { 126 | aimbotEntity = 0; 127 | lastEntity = -1; 128 | return; 129 | } 130 | } else if (pressedKeys[KEY_LEFTALT]) { 131 | iterations = 0; 132 | } 133 | 134 | QAngle localAngles = localPlayer.viewAngles; 135 | Vector localEye = localPlayer.eyePos; 136 | 137 | uintptr_t weapon = GetActiveWeapon(localPlayer); 138 | 139 | float bulletVel = process->Read(weapon + 0x1D2C); 140 | if (bulletVel == 1.0f) { // 1.0f is fists. 141 | //Logger::Log("Not aimbotting on fists\n"); 142 | return; 143 | } 144 | 145 | CBaseEntity *closestEnt = nullptr; 146 | float closest = __FLT_MAX__; 147 | float closestDist = __FLT_MAX__; 148 | Vector closestHeadPos; 149 | int closestID; 150 | if (lastEntity > validEntities.size()) 151 | lastEntity = -1; 152 | 153 | if (lastEntity != -1) { 154 | CBaseEntity &tmp = entities[validEntities[lastEntity]]; 155 | 156 | if (tmp && plastEntity && tmp.GetBaseClass().address != plastEntity) { 157 | tmp.Update(plastEntity); 158 | } 159 | 160 | if (!tmp 161 | || tmp == localPlayer 162 | || tmp.GetTeamNum() == localPlayer.GetTeamNum() 163 | || tmp.GetBleedoutState() != 0 164 | || tmp.GetLifestate() != 0 165 | || !tmp.GetPlayerState()) { 166 | lastEntity = -1; 167 | } 168 | } 169 | 170 | for (size_t entID = 0; entID < validEntities.size(); entID++) { 171 | CBaseEntity &entity = entities[validEntities[entID]]; 172 | if (!entity) { 173 | continue; 174 | } 175 | 176 | if (entity == localPlayer 177 | || entity.GetTeamNum() == localPlayer.GetTeamNum() 178 | || entity.GetBleedoutState() != 0 179 | || entity.GetLifestate() != 0 180 | || !entity.GetPlayerState()) { 181 | continue; 182 | } 183 | 184 | Vector headpos = GetBonePos(entity, 12, entity.origin); 185 | float dist = localEye.DistTo(headpos); 186 | float distFactor = Math::DistanceFOV(localAngles, QAngle(headpos - localEye), dist); 187 | float angleFov = Math::AngleFOV(localAngles, QAngle(headpos - localEye)); 188 | 189 | if (angleFov > 45.0f) { 190 | continue; 191 | } 192 | 193 | //float distFactor = Math::AngleFOV(localAngles, QAngle(headpos - localEye)); 194 | if (distFactor < closest && (lastEntity == -1 || entID == lastEntity)) { 195 | closest = distFactor; 196 | closestEnt = &entity; 197 | plastEntity = closestEnt->GetBaseClass().address; 198 | lastEntityIndex = closestEnt->index; 199 | closestDist = dist; 200 | closestHeadPos = headpos; 201 | closestID = entID; 202 | } 203 | } 204 | 205 | if (lastEntity != -1) { 206 | CBaseEntity &tmp = entities[validEntities[lastEntity]]; 207 | closestEnt = &tmp; 208 | } 209 | 210 | if (!closestEnt) { 211 | //Logger::Log("Couldn't find an ent to shoot\n"); 212 | return; 213 | } 214 | lastEntity = closestID; 215 | 216 | aimbotEntity = closestEnt->GetBaseClass().address; 217 | 218 | VelocityPrediction(closestEnt, weapon, closestDist, bulletVel, closestHeadPos); 219 | 220 | for (size_t entID = 0; entID < validEntities.size(); entID++) { 221 | CBaseEntity &entity = entities[validEntities[entID]]; 222 | if (!entity 223 | || entity == localPlayer 224 | || entity.GetTeamNum() == localPlayer.GetTeamNum() 225 | || entity.GetBleedoutState() != 0 226 | || entity.GetLifestate() != 0 227 | || !entity.GetPlayerState()) { 228 | continue; 229 | } 230 | prevPosition[entID] = entity.origin; 231 | } 232 | 233 | //#define SILENT_AIM 234 | 235 | #ifdef SILENT_AIM 236 | // if we can not fire, dont try to do silent aim (since the shot will be delayed, and aimbot will not work correctly - maybe account for tihs later?) 237 | if (process->Read(weapon + 0x7B0) > globalVars.curtime) 238 | return; 239 | 240 | if (netChan.m_chokedCommands < 2) { 241 | process->Write(clientStateAddr + OFFSET_OF(&CClientState::m_nextCmdTime), std::numeric_limits::max()); 242 | } 243 | else { 244 | int32_t commandNr= process->Read(clientStateAddr + OFFSET_OF(&CClientState::m_lastUsedCommandNr)); 245 | int32_t targetCommand = (commandNr - 1) % 300; 246 | 247 | CUserCmd userCmd = process->Read(userCmdArr + targetCommand * sizeof(CUserCmd)); 248 | 249 | // manipulate usercmd here 250 | QAngle oldAngle = userCmd.m_viewAngles; 251 | 252 | QAngle aimAngle(closestHeadPos - userCmd.m_eyePos); 253 | if (aimAngle.IsZero() || !aimAngle.IsValid()) 254 | return; 255 | 256 | //SwayCompensation(oldAngle, aimAngle, commandNr); 257 | 258 | aimAngle.Normalize(); 259 | Math::Clamp(aimAngle); 260 | 261 | Math::CorrectMovement(&userCmd, oldAngle, userCmd.m_forwardmove, userCmd.m_sidemove); 262 | 263 | userCmd.m_viewAngles = aimAngle; 264 | userCmd.m_tickCount = globalVars.tickCount; 265 | userCmd.m_buttons |= IN_ATTACK; 266 | 267 | process->Write(userCmdArr + targetCommand * sizeof(CUserCmd), userCmd); 268 | process->Write(verifiedUserCmdArr + targetCommand * sizeof(CVerifiedUserCmd), userCmd); 269 | 270 | process->Write(clientStateAddr + OFFSET_OF(&CClientState::m_nextCmdTime), 0.0); 271 | } 272 | 273 | #else 274 | QAngle aimAngle(closestHeadPos - localEye); 275 | 276 | if ((aimAngle->x == 0 && aimAngle->y == 0 && aimAngle->z == 0) || !aimAngle.IsValid()) { 277 | return; 278 | } 279 | 280 | //SpreadCompensation(weapon); // $wag 281 | 282 | SwayCompensation(localAngles, aimAngle); 283 | Smooth(aimAngle, 284 | localAngles); // seems like they introduced a server-side fair-fight like anti-cheat with season4 which bans u for not being nice, so lets at least be a bit human 285 | 286 | aimAngle.Normalize(); 287 | Math::Clamp(aimAngle); 288 | localPlayer.viewAngles = aimAngle; 289 | 290 | //process->Write(clientStateAddr + OFFSET_OF(&CClientState::m_nextCmdTime), 0.0); 291 | 292 | #endif 293 | 294 | } 295 | -------------------------------------------------------------------------------- /src/features/Aimbot.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | 4 | #include "../sdk/QAngle.h" 5 | 6 | namespace Aimbot { 7 | void Aimbot(); 8 | //extern QAngle RecoilCompensation(); 9 | } 10 | -------------------------------------------------------------------------------- /src/features/Bhop.cpp: -------------------------------------------------------------------------------- 1 | #include "Bhop.h" 2 | #include "../utils/Wrappers.h" 3 | #include "../utils/Math.h" 4 | 5 | void Bhop::Bhop(CBaseEntity &localplayer) { 6 | if (!(pressedKeys[KEY_SPACE])) { 7 | return; 8 | } 9 | 10 | if (localplayer.GetFlags() & FL_ONGROUND) { 11 | process->Write(forceJump, 6); 12 | } 13 | } 14 | 15 | void Bhop::Strafe() { 16 | return; 17 | 18 | if (netChan.m_chokedCommands < 2) { 19 | process->Write(clientStateAddr + OFFSET_OF(&CClientState::m_nextCmdTime), std::numeric_limits::max()); 20 | } else { 21 | int32_t commandNr = process->Read(clientStateAddr + OFFSET_OF(&CClientState::m_lastUsedCommandNr)); 22 | int32_t targetCommand = (commandNr - 2) % 300; 23 | 24 | // manipulate usercmd 25 | CUserCmd cmd = process->Read(userCmdArr + targetCommand * sizeof(CUserCmd)); 26 | cmd.m_sidemove = 250.0f; 27 | 28 | // write usercmd 29 | process->Write(userCmdArr + targetCommand * sizeof(CUserCmd), cmd); 30 | process->Write(verifiedUserCmdArr + targetCommand * sizeof(CVerifiedUserCmd), cmd); 31 | process->Write(clientStateAddr + OFFSET_OF(&CClientState::m_nextCmdTime), 0.0); 32 | 33 | } 34 | 35 | if (netChan.m_chokedCommands < 2) { 36 | process->Write(clientStateAddr + OFFSET_OF(&CClientState::m_nextCmdTime), std::numeric_limits::max()); 37 | } else { 38 | int32_t commandNr = process->Read(clientStateAddr + OFFSET_OF(&CClientState::m_lastUsedCommandNr)); 39 | int32_t targetCommand = (commandNr - 2) % 300; 40 | 41 | CUserCmd cmd = process->Read(userCmdArr + targetCommand * sizeof(CUserCmd)); 42 | static bool leftRight; 43 | 44 | static QAngle oldAngle; 45 | QAngle newAngle = cmd.m_viewAngles; 46 | 47 | QAngle delta = oldAngle - newAngle; 48 | float mousedx = delta->x / 0.022f; // m_pitch 49 | //Logger::Log("") 50 | float mousedy = delta->y / 0.022f; // m_yaw 51 | 52 | bool inMove = cmd.m_buttons & IN_FORWARD || cmd.m_buttons & IN_BACK || cmd.m_buttons & IN_MOVELEFT || cmd.m_buttons & IN_MOVERIGHT; 53 | Vector velocity = localPlayer.velocity; 54 | if (cmd.m_buttons & IN_FORWARD && velocity.Length() <= 50.0f) 55 | cmd.m_forwardmove = 250.0f; 56 | 57 | float yaw_change = 0.0f; 58 | if (velocity.Length() > 50.f) 59 | yaw_change = 30.0f * fabsf(30.0f / velocity.Length()); 60 | 61 | 62 | if (cmd.m_buttons & IN_ATTACK) 63 | yaw_change = 0.0f; 64 | 65 | QAngle viewAngles = localPlayer.viewAngles; 66 | 67 | if (!(localPlayer.GetFlags() & FL_ONGROUND) && !inMove) { 68 | Logger::Log("do strafe\n"); 69 | if (leftRight || mousedx > 1) { 70 | viewAngles->y += yaw_change; 71 | cmd.m_sidemove = 250.0f; 72 | Logger::Log("right\n"); 73 | } else if (!leftRight || mousedx < 1) { 74 | viewAngles->y -= yaw_change; 75 | cmd.m_sidemove = -250.0f; 76 | Logger::Log("left\n"); 77 | 78 | } 79 | 80 | leftRight = !leftRight; 81 | } 82 | 83 | viewAngles.Normalize(); 84 | 85 | Math::Clamp(viewAngles); 86 | 87 | //Math::CorrectMovement(&cmd, viewAngles, cmd.m_forwardmove, cmd.m_sidemove); 88 | oldAngle = cmd.m_viewAngles; 89 | 90 | cmd.m_viewAngles = viewAngles; 91 | process->Write(userCmdArr + targetCommand * sizeof(CUserCmd), cmd); 92 | process->Write(verifiedUserCmdArr + targetCommand * sizeof(CVerifiedUserCmd), cmd); 93 | 94 | process->Write(clientStateAddr + OFFSET_OF(&CClientState::m_nextCmdTime), 0.0); 95 | } 96 | } 97 | -------------------------------------------------------------------------------- /src/features/Bhop.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "../sdk/CBaseEntity.h" 4 | #include "../sdk/CInput.h" 5 | 6 | namespace Bhop { 7 | void Bhop( CBaseEntity &localplayer ); 8 | void Strafe(); 9 | } -------------------------------------------------------------------------------- /src/features/DumbExploits.cpp: -------------------------------------------------------------------------------- 1 | #include "DumbExploits.h" 2 | #include "../sdk/CClientState.h" 3 | #include "../globals.h" 4 | #include "../utils/Memutils.h" 5 | 6 | namespace Exploits { 7 | void Speedhack() { 8 | return; 9 | if (netChan.m_chokedCommands < 15 && !pressedKeys[KEY_SPACE] && !pressedKeys[41]) 10 | process->Write(clientStateAddr + OFFSET_OF(&CClientState::m_nextCmdTime), std::numeric_limits::max()); 11 | else 12 | process->Write(clientStateAddr + OFFSET_OF(&CClientState::m_nextCmdTime), 0.0); 13 | 14 | 15 | if (pressedKeys[KEY_W] && pressedKeys[KEY_X]) { 16 | process->Write(timescale, 5.0f); 17 | } else { 18 | process->Write(timescale, 1.0f); 19 | } 20 | 21 | return; 22 | static bool bSwitch = false; 23 | static bool activated = true; 24 | 25 | if (!(globalVars.tickCount % 20)) { 26 | activated = true; 27 | } 28 | if (!(globalVars.framecount % 40) && activated) { 29 | bSwitch = !bSwitch; 30 | } 31 | 32 | static int last = 0; 33 | Vector vel = localPlayer.velocity; 34 | float speed = vel.Length(); 35 | const float target = 800.0f; 36 | 37 | float velFactor = 0.0f; 38 | 39 | if (!(localPlayer.GetFlags() & FL_ONGROUND)) { 40 | velFactor = 4000.0f; 41 | } 42 | velFactor += target; 43 | 44 | if (speed == 0.0f) 45 | return; 46 | 47 | float factor = velFactor / speed; 48 | if (factor < 1.0f) { 49 | factor = 1.0f; 50 | } 51 | 52 | if (factor > 3.0f) { 53 | factor = 5.0f; 54 | } 55 | 56 | if (pressedKeys[KEY_W] && pressedKeys[KEY_LEFTCTRL] && pressedKeys[KEY_X] && bSwitch && netChan.m_chokedCommands < 12) { 57 | process->Write(timescale, factor); 58 | } else if (!pressedKeys[KEY_W] || !pressedKeys[KEY_LEFTCTRL] || !pressedKeys[KEY_C]) { 59 | activated = false; 60 | process->Write(timescale, 1.0f); 61 | } else { 62 | process->Write(timescale, 1.0f); 63 | } 64 | 65 | } 66 | 67 | // first concept didnt work shiet 68 | void ServerCrasher() { 69 | return; 70 | 71 | // set voicestream buffer to 0x3000 bytes into the reliable stream so we have a big buffer to works with 72 | // since the reliableStream is like 260k bytes 73 | netChan.m_streamVoice.m_data = (void *) ((uintptr_t) netChan.m_streamReliable.m_data + 0x3000); 74 | netChan.m_streamVoice.m_dataBytes = netChan.m_streamReliable.m_dataBytes - 0x3000; 75 | netChan.m_streamVoice.m_dataBits = netChan.m_streamVoice.m_dataBytes * 8; 76 | 77 | // also change the UtlMemory buffer accordingly 78 | netChan.m_voiceDataBuffer.m_memory = netChan.m_streamVoice.m_data; 79 | netChan.m_voiceDataBuffer.m_allocationCount = netChan.m_streamVoice.m_dataBytes; 80 | 81 | // maximum datagram size 82 | uint8_t data[0x40010]; 83 | memset(data, 0, 0x40010); 84 | 85 | // either write 0x1000 away from max datagram size, or whatever the curent stream size is 86 | int32_t bytesToWrite = std::min(0x40010 - 0x3000/* - (netChan.m_sendStream.m_curBit / 8)*/, netChan.m_streamVoice.m_dataBytes); 87 | if (bytesToWrite <= 0) 88 | return; 89 | 90 | // change the curbit to reflect the amount of bytes we are writing 91 | netChan.m_streamVoice.m_curBit = bytesToWrite * 8; 92 | 93 | // write 0xFF to get an invalid message - server will print the whole packet 94 | data[bytesToWrite - 2] = 0xFF; 95 | 96 | // write our data into the buffer ingame and then write the netchannel to reflect our changes 97 | VMemWrite(&process->ctx->process, process->proc.dirBase, (uint64_t) data, (uint64_t) netChan.m_streamVoice.m_data, bytesToWrite); 98 | process->Write((uint64_t) clientState.m_netChan, netChan); 99 | } 100 | } -------------------------------------------------------------------------------- /src/features/DumbExploits.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | 5 | namespace Exploits { 6 | void Speedhack(); 7 | 8 | // just for me (flaw) to test random netchannel shit for now, dont mind 9 | void ServerCrasher(); 10 | } -------------------------------------------------------------------------------- /src/features/Glow.cpp: -------------------------------------------------------------------------------- 1 | #include "Glow.h" 2 | 3 | #include "../utils/Wrappers.h" 4 | #include "../sdk/CBaseEntity.h" 5 | #include "../utils/minitrace.h" 6 | 7 | 8 | static Vector teamColors[] = { 9 | {150, 0, 0}, // red 10 | {0, 150, 0}, // green 11 | {0, 100, 0}, // dark green 12 | {130, 0, 0}, // dark red 13 | {0, 0, 125}, // dark blue 14 | {0, 0, 150}, // blue 15 | {120, 0, 120}, // purpleish 16 | {150, 150, 150}, // idk 17 | {255, 255, 255}, // white 18 | {0, 200, 200}, // cyan 19 | {255, 128, 0}, // pink 20 | {255, 255, 0}, // yellow 21 | {100, 50, 0}, // brown 22 | {96, 96, 96}, // grey 23 | {0, 0, 255}, // bright blue 24 | {255, 0, 0}, // bright red 25 | {0, 255, 0}, // bright green 26 | {50, 100, 0}, // dark slime 27 | {100, 100, 0}, // dank yellow 28 | {0, 150, 150}, // dark teal 29 | {255, 0, 255}, // hot pink - 20 30 | {255, 0, 255}, // hot pink - 20 31 | }; 32 | 33 | Vector getHealthColor(CBaseEntity Entity) { 34 | Vector result; 35 | const float multiplier = 1.00; //number we multiply our health by to get our colors(multiply our health by 2.55 to give a number we then use for the color. since 255 is the max of any color for our esp ie. 100 full health * 2.55 = 255 or max color) 36 | 37 | int red, green, blue, alpha; //colors we will solve for based on our entities health 38 | int health = Entity.health; //get entities health 39 | 40 | red = 100 - (health * multiplier); //find red value (no health = max red, full health = no red) 41 | green = health * multiplier; //find green value (full health = max green, no health = no green) 42 | blue = 0; //no blue on color scale red to green 43 | alpha = 255; //max alpha 44 | 45 | Vector Color(red, green, blue); //create color and fill it with values 46 | return Color; //return color 47 | 48 | } 49 | 50 | static void WriteItemGlow(CBaseEntity &entity, Vector &colors) { 51 | // Write members of struct independently to avoid race conditions 52 | 53 | process->Write(entity.bGlowEnable.GetAddress(), true); 54 | 55 | process->Write(entity.glowDistance.GetAddress(), __FLT_MAX__); 56 | process->Write(entity.glowFarFadeDist.GetAddress(), __FLT_MAX__); 57 | process->Write(entity.glowLifetime.GetAddress(), __FLT_MAX__); 58 | 59 | process->Write(entity.glowOutline1.GetAddress(), __FLT_MAX__); 60 | process->Write(entity.glowOutline2.GetAddress(), __FLT_MAX__); 61 | process->Write(entity.glowOutline3.GetAddress(), __FLT_MAX__); 62 | 63 | process->Write(entity.glowCol.GetAddress(), colors); 64 | 65 | 66 | //process->Write(entity.glowOutline.GetAddress(), 0x4D407D7E); 67 | } 68 | 69 | static void WriteGlow(CBaseEntity &entity, Vector &colors, float distance) { 70 | entity.bGlowEnable = true; // Enabling the Glow 71 | entity.iGlowEnable = 1; // Enabling the Glow 72 | 73 | entity.glowCol = colors; 74 | 75 | entity.glowInside1 = __FLT_MAX__; // Setting the time of the Glow to be the Max Float value so it never runs out 76 | entity.glowInside2 = __FLT_MAX__; // Setting the time of the Glow to be the Max Float value so it never runs out 77 | entity.glowInside3 = __FLT_MAX__; // Setting the time of the Glow to be the Max Float value so it never runs out 78 | entity.glowOutline1 = __FLT_MAX__; // Setting the time of the Glow to be the Max Float value so it never runs out 79 | entity.glowOutline2 = __FLT_MAX__; // Setting the time of the Glow to be the Max Float value so it never runs out 80 | entity.glowOutline3 = __FLT_MAX__; // Setting the time of the Glow to be the Max Float value so it never runs out 81 | 82 | entity.glowFarFadeDist = __FLT_MAX__; 83 | entity.glowDistance = __FLT_MAX__; //Set the Distance of the Glow to Max float value so we can see a long Distance 84 | entity.glowLifetime = __FLT_MAX__; 85 | } 86 | 87 | void Glow::Glow() { 88 | for (size_t entID = 0; entID < validEntities.size(); entID++) { 89 | 90 | CBaseEntity &entity = entities[validEntities[entID]]; 91 | if (entity.GetPlayerState()) { 92 | if (entity.GetBaseClass().address == localPlayer) { 93 | /*Vector color = Vector(0, 0, 60); 94 | 95 | WriteGlow(entity, color, 0.0f);*/ 96 | continue; 97 | } 98 | 99 | if (entity.GetTeamNum() == localPlayer.GetTeamNum()) 100 | continue; 101 | 102 | if (entity.GetBaseClass().address == aimbotEntity) { 103 | Vector color = Vector(0, 0, 100); 104 | 105 | WriteGlow(entity, color, 0.0f); 106 | continue; 107 | } 108 | 109 | if (entity.GetBleedoutState() != 0) { 110 | Vector color = Vector(48, 48, 48); 111 | 112 | WriteGlow(entity, color, 0.0f); 113 | continue; 114 | } 115 | Vector color = getHealthColor(entity); 116 | WriteGlow(entity, color, 0.0f); 117 | } else { 118 | Vector color = Vector(1, 1, 1); 119 | /* lol fuck this shit not gonna deal with race conditions anymore */ 120 | //WriteItemGlow(entity, color); 121 | continue; 122 | } 123 | } 124 | } 125 | 126 | void Glow::GlowPlayer(CBaseEntity &entity, Vector &colors) { 127 | WriteGlow(entity, colors, 100); 128 | } -------------------------------------------------------------------------------- /src/features/Glow.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include 3 | #include "../sdk/Vector.h" 4 | #include "../sdk/CBaseEntity.h" 5 | 6 | class CBaseEntity; 7 | 8 | namespace Glow { 9 | void Glow(); 10 | 11 | void GlowPlayer(CBaseEntity &entity, Vector &colors); 12 | } 13 | -------------------------------------------------------------------------------- /src/globals.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "vmread/hlapi/hlapi.h" 4 | #include "sdk/CBaseEntity.h" 5 | #include "sdk/CInput.h" 6 | #include "sdk/Definitions.h" 7 | #include "sdk/CGlobalVars.h" 8 | #include "sdk/CClientState.h" 9 | #include 10 | #include 11 | #include 12 | #include 13 | #include 14 | 15 | inline std::vector validEntities; 16 | inline CBaseEntity entities[50000]; 17 | 18 | inline CBaseEntity localPlayer; 19 | inline uintptr_t aimbotEntity; 20 | inline uintptr_t entList; 21 | inline uintptr_t globalVarsAddr; 22 | inline uintptr_t clientStateAddr; 23 | inline uintptr_t inputAddr; 24 | inline uintptr_t timescale; 25 | inline uintptr_t forceJump; 26 | inline int localPlayerId; 27 | inline uintptr_t localPlayerPtr; 28 | 29 | inline uintptr_t userCmdArr; 30 | inline uintptr_t verifiedUserCmdArr; 31 | 32 | inline CGlobalVars globalVars; 33 | inline CNetChan netChan; 34 | inline CClientState clientState; 35 | 36 | inline WinProcess *process; 37 | 38 | inline uintptr_t apexBase; 39 | 40 | inline uintptr_t EACGameClient; 41 | 42 | inline bool pressedKeys[500]; // keyboard is 0-256 and mouse is > 256, so let's make the array unreasonably big to avoid overwriting other data 43 | 44 | inline bool running = true; 45 | 46 | inline std::map sway_history; -------------------------------------------------------------------------------- /src/sdk/BaseStruct.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | 5 | // https://stackoverflow.com/questions/12811330/c-compile-time-offsetof-inside-a-template 6 | template M get_member_type(M T::*); 7 | template T get_class_type(M T::*); 8 | 9 | template 13 | constexpr std::size_t offset_of() 14 | { 15 | return reinterpret_cast(&(((T*)nullptr)->*M)); 16 | } 17 | 18 | // Compile-time Offset in class ( Usage: OFFSET_OF(&classname::x) ) 19 | #define OFFSET_OF(m) offset_of() 20 | -------------------------------------------------------------------------------- /src/sdk/CBaseEntity.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include "BaseStruct.h" 3 | #include "OffPtr.h" 4 | #include "QAngle.h" 5 | #include "../Netvars.h" 6 | #include "Definitions.h" // so u can use flags 7 | #include "../utils/Logger.h" 8 | 9 | #define CBASE_ENTITY_OFFSETS(HANDLER) \ 10 | HANDLER(int, 0x8, index) \ 11 | HANDLER(Vector, 0x140, velocity) \ 12 | HANDLER(Vector, 0x140, absVelocity) \ 13 | HANDLER(Vector, 0x14C, origin) \ 14 | HANDLER(Vector, 0x14C, absOrigin) \ 15 | HANDLER(int, 0x310, iGlowEnable) \ 16 | HANDLER(bool, 0x380, bGlowEnable) \ 17 | HANDLER(float, 0x2FC, glowFarFadeDist) \ 18 | HANDLER(Vector, 0x1D0, glowCol) \ 19 | HANDLER(float, 0x2e0, glowDistance) \ 20 | HANDLER(float, 0x2D0, glowInside1) \ 21 | HANDLER(float, 0x2D8, glowInside2) \ 22 | HANDLER(float, 0x2E0, glowInside3) \ 23 | HANDLER(float, 0x2D4, glowOutline1) \ 24 | HANDLER(float, 0x2DC, glowOutline2) \ 25 | HANDLER(float, 0x2E4, glowOutline3) \ 26 | HANDLER(float, 0x2E8, glowLifetime) \ 27 | HANDLER(int, 0x3F0, teamNum) \ 28 | HANDLER(int, 0x1308, id) \ 29 | HANDLER(Vector, 0x414, localAngles) \ 30 | HANDLER(uintptr_t, 0xEE0, boneMatrix) \ 31 | HANDLER(uintptr_t, 0x1944, activeWeapon) \ 32 | HANDLER(QAngle, 0x2308 , aimPunch) \ 33 | HANDLER(QAngle, 0x23C0, swayAngles) \ 34 | HANDLER(QAngle, 0x23D0, viewAngles) \ 35 | HANDLER(int, 0x3E0, health) \ 36 | HANDLER(Vector, 0x1DA8, eyePos) \ 37 | 38 | 39 | //HANDLER(Vector, 0x1C04, eyePos) \ OLD 40 | /*HANDLER(Vector, 0x4264, eyePos) \*/ 41 | 42 | #define CONSTRUCTOR_HANDLER(type, offset, name) , name(baseClass) 43 | #define DEFINE_HANDLER(type, offset, name) OffPtr name; 44 | #define WRITE_BACK_HANDLER(type, offset, name) name.WriteBack(writeList); 45 | 46 | class CBaseEntity 47 | { 48 | private: 49 | char rBuf[0x2400]; 50 | ProcessBaseClass baseClass; 51 | bool isPlayer = false; 52 | public: 53 | 54 | CBaseEntity(uintptr_t addr = 0) 55 | : baseClass(rBuf, addr) CBASE_ENTITY_OFFSETS(CONSTRUCTOR_HANDLER) 56 | { 57 | } 58 | 59 | const ProcessBaseClass& GetBaseClass() 60 | { 61 | return baseClass; 62 | } 63 | 64 | void Update(uintptr_t newAddress = 0) 65 | { 66 | if (newAddress) 67 | baseClass.address = newAddress; 68 | process->Read(baseClass.address, rBuf, sizeof(rBuf)); 69 | } 70 | 71 | void SetPlayerState(bool state = true) { 72 | isPlayer = state; 73 | } 74 | 75 | bool GetPlayerState() { 76 | return isPlayer; 77 | } 78 | 79 | void WriteBack(WriteList& writeList) 80 | { 81 | CBASE_ENTITY_OFFSETS(WRITE_BACK_HANDLER); 82 | } 83 | 84 | inline bool operator==(const CBaseEntity &o) 85 | { 86 | return baseClass.address == o.baseClass.address; 87 | } 88 | 89 | inline bool operator==(uintptr_t addr) 90 | { 91 | return baseClass.address == addr; 92 | } 93 | 94 | inline operator bool() const 95 | { 96 | return baseClass.address; 97 | } 98 | 99 | inline int GetBleedoutState() { 100 | static uint32_t offset = Netvars::netvars["CPlayer"]["m_bleedoutState"]; 101 | if( !offset ) { 102 | Logger::Log("Can't find Netvar [\"CPlayer\"][\"m_bleedoutState\"]!\n"); 103 | return -1; 104 | } 105 | return process->Read( baseClass.address + offset ); 106 | } 107 | 108 | inline int GetLifestate() { 109 | static uint32_t offset = Netvars::netvars["CPlayer"]["m_lifeState"]; 110 | if( !offset ) { 111 | Logger::Log("Can't find Netvar [\"CPlayer\"][\"m_lifeState\"]!\n"); 112 | return -1; 113 | } 114 | return process->Read( baseClass.address + offset ); 115 | } 116 | 117 | inline int GetFlags() { 118 | static uint32_t offset = Netvars::netvars["CPlayer"]["m_fFlags"]; 119 | if( !offset ) { 120 | Logger::Log("Can't find Netvar [\"CPlayer\"][\"m_fFlags\"]!\n"); 121 | return -1; 122 | } 123 | return process->Read( baseClass.address + offset ); 124 | } 125 | 126 | inline int GetTeamNum() { 127 | static uint32_t offset = Netvars::netvars["CBaseEntity"]["m_iTeamNum"]; 128 | if( !offset ){ 129 | Logger::Log("Can't find Netvar [\"CBaseEntity\"][\"m_iTeamNum\"]!\n"); 130 | return -1; 131 | } 132 | 133 | return process->Read( baseClass.address + offset ); 134 | } 135 | 136 | CBASE_ENTITY_OFFSETS(DEFINE_HANDLER) 137 | }; 138 | -------------------------------------------------------------------------------- /src/sdk/CClientState.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "BaseStruct.h" 4 | #include "Vector.h" 5 | #include "UtlMemory.h" 6 | #include "bf_write.h" 7 | 8 | #include 9 | 10 | class CNetChan; 11 | 12 | class CClientState 13 | { 14 | public: 15 | char pad_0000[96]; //0x0000 16 | class CNetChan* m_netChan; //0x0060 17 | char pad_0068[48]; //0x0068 18 | int32_t m_signonState; //0x0098 19 | char pad_009C[4]; //0x009C 20 | double m_nextCmdTime; //0x00A0 21 | uint32_t m_serverCount; //0x00A8 22 | uint32_t m_currentSequence; //0x00AC 23 | char pad_00B0[168]; //0x00B0 24 | int32_t m_deltaTick; //0x0158 25 | char pad_015C[12]; //0x015C 26 | uint32_t m_playerSlot; //0x0168 27 | char pad_016C[8]; //0x016C 28 | char m_mapFileName[64]; //0x0174 29 | char m_levelNameShort[64]; //0x01B4 30 | char m_levelName[260]; //0x01F4 31 | char pad_02F8[4]; //0x02F8 32 | int32_t m_highestClientIndex; //0x02FC 33 | char pad_0300[64]; //0x0300 34 | int32_t m_maxClients; //0x0340 35 | char pad_0344[100748]; //0x0344 36 | int32_t m_lastUsedCommandNr; //0x18CD0 37 | char pad_18CD8[60]; //0x18CD8 38 | Vector m_viewAngles; //0x18D18 39 | char gimmeMore[0x1000]; 40 | }; //Size: 0x18D24 41 | 42 | class CNetChan 43 | { 44 | public: 45 | char pad_0000[4]; //0x0000 46 | uint32_t m_outSeqNr; //0x0004 47 | uint32_t m_inSeqNr; //0x0008 48 | uint32_t m_outSeqNrAck; //0x000C 49 | uint32_t m_chokedCommands; //0x0010 50 | char pad_0014[16]; //0x0014 51 | int32_t m_socket; //0x0024 52 | char pad_0028[8]; //0x0028 53 | bf_write m_streamReliable; //0x0030 54 | CUtlMemory m_reliableDataBuffer; //0x0050 55 | bf_write m_streamUnreliable; //0x0068 56 | CUtlMemory m_unreliableDataBuffer; //0x0088 57 | bf_write m_streamVoice; //0x00A0 58 | CUtlMemory m_voiceDataBuffer; //0x00C0 59 | char pad_00D8[4]; //0x00D8 60 | uint32_t m_maxReliablePayloadSize; //0x00DC 61 | double m_lastReceived; //0x00E0 62 | double m_connectTime; //0x00E8 63 | int32_t m_rate; //0x00F0 64 | char pad_00F4[4]; //0x00F4 65 | double m_clearTime; //0x00F8 66 | char pad_0100[8]; //0x0100 67 | int32_t m_signonState; //0x0108 only display 4 and 8 68 | char pad_010C[108]; //0x010C 69 | CClientState* m_clientState; //0x0178 70 | char pad_0180[64]; //0x0180 71 | void* m_sendBuffer; //0x01C0 72 | bf_write m_sendStream; //0x01C8 73 | }; //Size: 0x01E8 -------------------------------------------------------------------------------- /src/sdk/CGlobalVars.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | class CGlobalVars 4 | { 5 | public: 6 | double realtime; 7 | int32_t framecount; //0x0008 8 | float absoluteframetime; //0x000C 9 | float curtime; //0x0010 10 | float N00000047; //0x0014 11 | float N00000018; //0x0018 12 | float N0000004A; //0x001C 13 | float N00000019; //0x0020 14 | float N0000004D; //0x0024 15 | float N0000001A; //0x0028 16 | char pad_002C[4]; //0x002C 17 | float N0000001B; //0x0030 18 | char pad_0034[12]; //0x0034 19 | int32_t tickCount; //0x0040 20 | float intervalPerTick; //0x0044 21 | }; //Size: 0x0048 22 | -------------------------------------------------------------------------------- /src/sdk/CInput.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "BaseStruct.h" 4 | #include "Vector.h" 5 | 6 | #include 7 | 8 | class CUserCmd 9 | { 10 | public: 11 | uint32_t m_commandNumber; //0x0000 12 | uint32_t m_tickCount; //0x0004 13 | float m_curtime; //0x0008 14 | QAngle m_viewAngles; //0x000C 15 | QAngle m_aimDirection; //0x0018 16 | float m_forwardmove; //0x0024 17 | float m_sidemove; //0x0028 18 | float m_upmove; //0x002C 19 | uint32_t m_buttons; //0x0030 20 | int32_t m_impulse; //0x0034 21 | char pad_0038[332]; //0x0038 22 | uint32_t m_randomSeed; //0x0184 23 | char pad_0188[8]; //0x0188 24 | vec3 m_eyePos; //0x0190 25 | char pad_019C[196]; //0x019C 26 | uint32_t m_prevTickcount; //0x0260 -- same as curr 27 | uint32_t m_nextTickcount; //0x0264 28 | char pad_01E0[8]; 29 | float m_frametime; //0x0270 30 | char pad_01EC[12]; 31 | }; //Size: 0x0280 32 | 33 | 34 | class CVerifiedUserCmd : public CUserCmd 35 | { 36 | public: 37 | uint64_t m_crc64; //0x01F8 38 | }; //Size: 0x0200 39 | 40 | class CInput 41 | { 42 | public: 43 | char pad_0000[32]; //0x0000 44 | float m_frametime; //0x0020 45 | float m_prevFrametime; //0x0024 46 | char pad_0028[136]; //0x0028 47 | uint32_t m_buttonBits; //0x00B0 48 | char pad_00B4[8]; //0x00B4 49 | float m_pingHoldStartTime; //0x00BC 50 | float m_somethingPing; //0x00C0 0.0 when not pinging. 51 | char pad_00C4[11]; //0x00C4 52 | bool m_cameraIsOrthographic; //0x00CF 53 | Vector m_previousViewAngles; //0x00D0 54 | char pad_00DC[12]; //0x00DC 55 | float m_lastForwardMove; //0x00E8 -1.0 -> 1.0 56 | int32_t m_clearInputState; //0x00EC 57 | CUserCmd* m_commands; //0x00F0 // Does not change or go null 58 | CVerifiedUserCmd* m_verifiedCommands; //0x00F8 // Does not change or go null 59 | }; //Size: 0x0100 60 | 61 | -------------------------------------------------------------------------------- /src/sdk/ClientClass.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "BaseStruct.h" 4 | 5 | 6 | // credits for some of this: https://www.unknowncheats.me/forum/1570870-post10.html 7 | enum PropType : int 8 | { 9 | INT =0, 10 | FLOAT, 11 | VECTOR, 12 | VECTORXY, 13 | STRING, 14 | ARRAY, 15 | QUATERNION, 16 | INT64, 17 | DATATABLE, 18 | NUM_SEND_PROP_TYPES, 19 | //Possible new ones 20 | TIME, 21 | TICKS, 22 | }; 23 | 24 | inline const char *PropType2String( PropType type ){ 25 | switch( type ){ 26 | case INT: 27 | return "INT"; 28 | case FLOAT: 29 | return "FLOAT"; 30 | case VECTOR: 31 | return "VECTOR"; 32 | case VECTORXY: 33 | return "VECTORXY"; 34 | case STRING: 35 | return "STRING"; 36 | case ARRAY: 37 | return "ARRAY"; 38 | case QUATERNION: 39 | return "QUATERNION"; 40 | case INT64: 41 | return "INT64"; 42 | case DATATABLE: 43 | return "DATATABLE"; 44 | case NUM_SEND_PROP_TYPES: 45 | return "NUM_SEND_PROP_TYPES"; 46 | case TIME: 47 | return "TIME"; 48 | case TICKS: 49 | return "TICKS"; 50 | default: 51 | return "UNKNOWN PROP-TYPE!"; 52 | } 53 | } 54 | 55 | class RecvProp 56 | { 57 | public: 58 | PropType dataType; //0x0000 59 | uint32_t offset; //0x0004 60 | char pad_0008[24]; //0x0008 61 | class recvTable* dataRecvTable; //0x0020 62 | char* name; //0x0028 63 | char pad_0030[56]; 64 | }; 65 | 66 | class propArray 67 | { 68 | public: 69 | class RecvProp* prop[1024]; //0x0000 70 | }; 71 | 72 | class RecvTable 73 | { 74 | public: 75 | char pad_0000[8]; //0x0000 76 | class propArray* pProps; //0x0008 77 | int32_t numOfProps; //0x0010 78 | char pad_0014[4]; //0x0014 79 | }; 80 | 81 | class ClientClass 82 | { 83 | public: 84 | void* createFn; //0x0000 85 | void* createEventFn; //0x0008 86 | char* networkName; //0x0010 87 | class RecvTable* recvTable; //0x0018 88 | class ClientClass* next; //0x0020 89 | char pad_0028[8]; //0x0028 90 | char* name; 91 | }; 92 | -------------------------------------------------------------------------------- /src/sdk/Definitions.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #define MULTIPLAYER_BACKUP 300 4 | 5 | #define M_PI 3.14159265358979323846 // matches value in gcc v2 math.h 6 | #define M_PI_F ((float)(M_PI)) // Shouldn't collide with anything. 7 | #define M_PHI 1.61803398874989484820 // golden ratio 8 | 9 | // NJS: Inlined to prevent floats from being autopromoted to doubles, as with the old system. 10 | #ifndef RAD2DEG 11 | #define RAD2DEG( x ) ( (float)(x) * (float)(180.f / M_PI_F) ) 12 | #endif 13 | 14 | #ifndef DEG2RAD 15 | #define DEG2RAD( x ) ( (float)(x) * (float)(M_PI_F / 180.f) ) 16 | #endif 17 | 18 | #define TICK_INTERVAL (globalVars.intervalPerTick) 19 | #define TIME_TO_TICKS( dt ) ( (int)( 0.5f + (float)(dt) / TICK_INTERVAL ) ) 20 | #define TICKS_TO_TIME( t ) ( TICK_INTERVAL *( t ) ) 21 | 22 | 23 | // random Source engine things that don't need their own file. 24 | 25 | #define SIGNONSTATE_NONE 0 // no state yet, about to connect 26 | #define SIGNONSTATE_CHALLENGE 1 // client challenging server, all OOB packets 27 | #define SIGNONSTATE_CONNECTED 2 // client is connected to server, netchans ready 28 | #define SIGNONSTATE_NEW 3 // just got serverinfo and string tables 29 | #define SIGNONSTATE_PRESPAWN 4 // received signon buffers 30 | #define SIGNONSTATE_SPAWN 5 // ready to receive entity packets 31 | #define SIGNONSTATE_FULL 6 // we are fully connected, first non-delta packet received 32 | #define SIGNONSTATE_CHANGELEVEL 7 // server is changing level, please wait 33 | #define SIGNONSTATE_INGAMEAPEX 8 // In Game Apex ( Note: The Lobby is literally a server ) 34 | 35 | 36 | #define IN_ATTACK (1 << 0) // 1 37 | #define IN_JUMP (1 << 1) // 2 38 | #define IN_DUCK (1 << 2) // 4 39 | #define IN_FORWARD (1 << 3) // 8 40 | #define IN_BACK (1 << 4) // 16 41 | #define IN_USE (1 << 5) // 32 42 | #define IN_CANCEL (1 << 6) // 64 43 | #define IN_LEFT (1 << 7) // 128 44 | #define IN_RIGHT (1 << 8) // 256 45 | #define IN_MOVELEFT (1 << 9) // 512 46 | #define IN_MOVERIGHT (1 << 10) // 1024 47 | #define IN_UNKNOWN (1 << 11) // 2048 48 | #define IN_RELOAD (1 << 12) // 4096 49 | #define IN_SWAPGUN (1 << 13) // 8k // Used with IN_USE to pick stuff up 50 | #define IN_UNKNOWN2 (1 << 14) // 16k 51 | #define IN_SPRINT (1 << 15) // 32k 52 | #define IN_ZOOM (1 << 16) // 64k // Right click 53 | /* 54 | #define IN_SPEED (1 << 17) // 128k // Player is holding the speed key 55 | #define IN_WALK (1 << 18) // Player holding walk key 56 | #define IN_ZOOM (1 << 19) // Zoom key for HUD zoom 57 | #define IN_WEAPON1 (1 << 20) // weapon defines these bits 58 | #define IN_WEAPON2 (1 << 21) // weapon defines these bits 59 | #define IN_BULLRUSH (1 << 22) 60 | #define IN_GRENADE1 (1 << 23) // grenade 1 61 | #define IN_GRENADE2 (1 << 24) // grenade 2 62 | */ 63 | 64 | #define FL_ONGROUND (1<<0) // At rest / on the ground 65 | /* 66 | #define FL_DUCKING (1<<1) // Player flag -- Player is fully crouched 67 | #define FL_WATERJUMP (1<<2) // player jumping out of water 68 | #define FL_ONTRAIN (1<<3) // Player is _controlling_ a train, so movement commands should be ignored on client during prediction. 69 | #define FL_INRAIN (1<<4) // Indicates the entity is standing in rain 70 | #define FL_FROZEN (1<<5) // Player is frozen for 3rd person camera 71 | #define FL_ATCONTROLS (1<<6) // Player can't move, but keeps key inputs for controlling another entity 72 | #define FL_CLIENT (1<<7) // Is a player 73 | #define FL_FAKECLIENT (1<<8) // Fake client, simulated server side; don't send network messages to them 74 | // NON-PLAYER SPECIFIC (i.e., not used by GameMovement or the client .dll ) -- Can still be applied to players, though 75 | #define FL_INWATER (1<<9) // In water 76 | */ -------------------------------------------------------------------------------- /src/sdk/OffPtr.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include "../../modules/vmread/hlapi/hlapi.h" // WinProcess 3 | 4 | extern WinProcess* process; 5 | 6 | template 7 | struct OffPtr; 8 | 9 | class ProcessBaseClass 10 | { 11 | protected: 12 | template 13 | friend struct OffPtr; 14 | 15 | char* readBuf; 16 | public: 17 | uintptr_t address; 18 | 19 | ProcessBaseClass(char* rBuf, uintptr_t addr = 0) 20 | : readBuf(rBuf), address(addr) {} 21 | }; 22 | 23 | template 24 | struct OffPtr 25 | { 26 | const ProcessBaseClass& baseClass; 27 | bool dirty = false; 28 | 29 | OffPtr(const ProcessBaseClass& base) 30 | : baseClass(base) { } 31 | 32 | OffPtr(const ProcessBaseClass& base, size_t& maxOff) 33 | : OffPtr(base) 34 | { 35 | maxOff = maxOff > off ? maxOff : off; 36 | } 37 | 38 | constexpr T& GetDirect() const 39 | { 40 | return *(T*)((uintptr_t)baseClass.readBuf + off); 41 | } 42 | 43 | constexpr operator T() const 44 | { 45 | return GetDirect(); 46 | } 47 | 48 | inline auto& operator=(const T& v) 49 | { 50 | GetDirect() = v; 51 | dirty = true; 52 | return *this; 53 | } 54 | 55 | inline size_t GetOffset() { 56 | return off; 57 | } 58 | 59 | inline uintptr_t GetAddress() { 60 | return (uintptr_t) (baseClass.address + off); 61 | } 62 | 63 | inline void WriteBack(WriteList& writeList) 64 | { 65 | if (dirty) 66 | writeList.Write(baseClass.address + off, GetDirect()); 67 | dirty = false; 68 | } 69 | }; 70 | -------------------------------------------------------------------------------- /src/sdk/QAngle.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "Vector.h" 4 | #include "math.h" 5 | 6 | enum { 7 | PITCH = 0, // up / down 8 | YAW, // left / right 9 | ROLL // fall over 10 | }; 11 | 12 | class QAngleByValue; 13 | class QAngle { 14 | public: 15 | Vector v; 16 | 17 | QAngle() 18 | : v() {} 19 | 20 | QAngle(const Vector& fv) 21 | : v(fv.GetAngles(true)) {} 22 | 23 | inline auto operator->() { 24 | return v.operator->(); 25 | } 26 | 27 | inline auto& operator[](size_t idx) { 28 | return v[idx]; 29 | } 30 | 31 | inline void Normalize() { 32 | v.NormalizeAngles<3>(-180.f, 180.f); 33 | 34 | while (v->x > 89.0f) 35 | v->x -= 180.0f; 36 | 37 | while (v->x < -89.0f) 38 | v->x += 180.0f; 39 | 40 | v->z = 0; 41 | } 42 | 43 | inline float Length() const { 44 | return v.Length(); 45 | } 46 | 47 | inline bool IsValid() const { 48 | return !isnan(v[0]) && !isnan(v[1]) && !isnan(v[2]); 49 | } 50 | 51 | inline bool IsZero() const { 52 | return v->x == v->y == v->z == 0.f; 53 | } 54 | 55 | inline auto operator+(const QAngle& o) const { 56 | QAngle ret = *this; 57 | ret.v += o.v; 58 | return ret; 59 | } 60 | 61 | inline auto operator-(const QAngle& o) const { 62 | QAngle ret = *this; 63 | ret.v -= o.v; 64 | return ret; 65 | } 66 | 67 | inline auto operator*(const QAngle& o) const { 68 | QAngle ret = *this; 69 | ret.v *= o.v; 70 | return ret; 71 | } 72 | 73 | inline auto operator/(const QAngle& o) const { 74 | QAngle ret = *this; 75 | ret.v /= o.v; 76 | return ret; 77 | } 78 | 79 | inline auto& operator+=(const QAngle& o) { 80 | v += o.v; 81 | return *this; 82 | } 83 | 84 | inline auto& operator-=(const QAngle& o) { 85 | v -= o.v; 86 | return *this; 87 | } 88 | 89 | inline auto& operator*=(const QAngle& o) { 90 | v *= o.v; 91 | return *this; 92 | } 93 | 94 | inline auto& operator/=(const QAngle& o) { 95 | v /= o.v; 96 | return *this; 97 | } 98 | 99 | }; 100 | -------------------------------------------------------------------------------- /src/sdk/UtlMemory.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | 5 | // lol wer relaly dont need all the funcs etc since we are external and cant call them anyways 6 | class CUtlMemory 7 | { 8 | public: 9 | void* m_memory; //0x0000 10 | int64_t m_allocationCount; //0x0008 11 | int64_t m_growSize; //0x0010 12 | }; //Size: 0x0018 -------------------------------------------------------------------------------- /src/sdk/Vector.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include "m0dular/math/vector.h" 3 | 4 | #define FastSqrt(x) (sqrtf)(x) 5 | #define VALVE_RAND_MAX 0x7fff 6 | 7 | using Vector = vec3; 8 | -------------------------------------------------------------------------------- /src/sdk/bf_write.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include "BaseStruct.h" 3 | #include "Vector.h" 4 | 5 | #include 6 | 7 | class bf_write 8 | { 9 | public: 10 | void* m_data; //0x0000 11 | int32_t m_dataBytes; //0x0008 12 | int32_t m_dataBits; //0x000C 13 | int32_t m_curBit; //0x0010 14 | bool m_overflow; //0x0014 15 | bool m_assertOnOverflow; //0x0015 16 | char pad_0016[2]; //0x0016 17 | char* m_debugName; //0x0018 18 | }; //Size: 0x0020 -------------------------------------------------------------------------------- /src/utils/Handles.cpp: -------------------------------------------------------------------------------- 1 | #include "m0dular/utils/handles.h" 2 | #include "../globals.h" 3 | 4 | ModuleInfo Handles::GetModuleInfo(const char *module) 5 | { 6 | WinDll *moduleInfo = process->GetModuleInfo(module); 7 | 8 | if (!moduleInfo) 9 | return { nullptr, 0, 0 }; 10 | 11 | return { (void *)moduleInfo, moduleInfo->info.baseAddress, moduleInfo->info.sizeOfModule }; 12 | } 13 | -------------------------------------------------------------------------------- /src/utils/InputSystem.cpp: -------------------------------------------------------------------------------- 1 | #include "InputSystem.h" 2 | 3 | // https://github.com/LWSS/evdev-mirror 4 | 5 | // This struct is the same at 6 | struct input_value { 7 | uint16_t type; 8 | uint16_t code; 9 | int32_t value; 10 | }; 11 | 12 | void InputSystem::InputSystem() { 13 | static int fd = open("/dev/input/evdev-mirror", O_RDONLY /*| O_NONBLOCK*/); 14 | struct input_value input; 15 | 16 | if (fd < 0) { 17 | Logger::Log("Error opening evdev-mirror! (%d), %d\n", fd, errno); 18 | return; 19 | } 20 | 21 | while (running) { 22 | // if zero bytes, keep goin... 23 | ssize_t n = read(fd, &input, sizeof(input_value)); 24 | 25 | static ssize_t s = sizeof(input_value); 26 | 27 | if (n == -1 || n != s) { 28 | break; 29 | } 30 | 31 | if (input.type == EV_KEY && input.value >= 0 && input.value <= 2) { 32 | pressedKeys[input.code] = input.value > 0; 33 | } 34 | //Logger::Log("Key: %d - state: %d\n", input.code, input.value); 35 | //std::this_thread::sleep_for(std::chrono::milliseconds(1)); 36 | } 37 | } -------------------------------------------------------------------------------- /src/utils/InputSystem.h: -------------------------------------------------------------------------------- 1 | #ifndef APE_EX_INPUTSYSTEM_H 2 | #define APE_EX_INPUTSYSTEM_H 3 | 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include 10 | #include 11 | #include 12 | #include 13 | 14 | #include "../globals.h" 15 | 16 | namespace InputSystem { 17 | extern void InputSystem(); 18 | } 19 | 20 | 21 | #endif //APE_EX_INPUTSYSTEM_H 22 | -------------------------------------------------------------------------------- /src/utils/Logger.cpp: -------------------------------------------------------------------------------- 1 | #include "Logger.h" 2 | 3 | #include // setbuf, fopen, fclose.. 4 | #include // va_list, va_start, va_arg, va_end 5 | #include 6 | #include 7 | //LMODE 8 | #include "vmread/definitions.h" 9 | 10 | #if (LMODE() != MODE_EXTERNAL()) 11 | #define LOGFILE_NAME "/tmp/apex.log" 12 | #endif 13 | 14 | void Logger::Log( const char *format, ... ) { 15 | char buffer[4096]; 16 | FILE *logFile; 17 | #if (LMODE() == MODE_EXTERNAL()) 18 | logFile = stdout; 19 | #else 20 | static bool bFirst = true; 21 | 22 | if ( bFirst ) { 23 | logFile = fopen(LOGFILE_NAME, "w"); // create new log 24 | bFirst = false; 25 | if (logFile) 26 | fprintf(logFile, "--Start of log--\n"); 27 | } else { 28 | logFile = fopen(LOGFILE_NAME, "a"); // append to log 29 | } 30 | 31 | if (!logFile) 32 | return; 33 | #endif 34 | 35 | va_list args; 36 | va_start(args, format); 37 | vsnprintf(buffer, 4096, format, args); 38 | fprintf(logFile, buffer); 39 | va_end(args); 40 | fflush(logFile); 41 | #if (LMODE() != MODE_EXTERNAL()) 42 | fclose(logFile); 43 | #endif 44 | } 45 | -------------------------------------------------------------------------------- /src/utils/Logger.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | namespace Logger { 4 | void Log( const char *format, ... ); 5 | } 6 | -------------------------------------------------------------------------------- /src/utils/Math.h: -------------------------------------------------------------------------------- 1 | #include "../sdk/Vector.h" 2 | #include "../sdk/QAngle.h" 3 | #include "../utils/Logger.h" 4 | #include "../sdk/CInput.h" 5 | #include "../sdk/Definitions.h" 6 | 7 | namespace Math { 8 | 9 | inline void Clamp(QAngle &angles) { 10 | if (angles[YAW] > 180.0f) { 11 | angles[YAW] = 180.0f; 12 | } else if (angles[YAW] < -180.0f) { 13 | angles[YAW] = -180.0f; 14 | } 15 | 16 | if (angles[PITCH] > 89.0f) { 17 | angles[PITCH] = 89.0f; 18 | } else if (angles[PITCH] < -89.0f) { 19 | angles[PITCH] = -89.0f; 20 | } 21 | angles[ROLL] = 0.0f; 22 | } 23 | 24 | inline float AngleFOV(const QAngle &viewAngle, const QAngle &aimAngle) { 25 | QAngle delta = viewAngle - aimAngle; 26 | delta.Normalize(); 27 | float fov = delta.Length(); 28 | if (fov > 180.0f) 29 | fov -= 360.0f; 30 | 31 | fov = fabsf(fov); 32 | return fov; 33 | } 34 | 35 | inline float DistanceFOV(const QAngle &viewAngle, const QAngle &aimAngle, const float distance) { 36 | float angleFOV = AngleFOV(viewAngle, aimAngle); 37 | angleFOV /= 90.0f; 38 | 39 | float distanceFOV = angleFOV * distance; 40 | 41 | return distanceFOV; 42 | } 43 | 44 | inline void CorrectMovement(CUserCmd* cmd, QAngle oldAngles, float oldForward, float oldSide) { 45 | float deltaAngles; 46 | float f1; 47 | float f2; 48 | 49 | if (oldAngles->y < 0.f) 50 | f1 = 360.0f + oldAngles->y; 51 | else 52 | f1 = oldAngles->y; 53 | 54 | if (cmd->m_viewAngles->y < 0.0f) 55 | f2 = 360.0f + cmd->m_viewAngles->y; 56 | else 57 | f2 = cmd->m_viewAngles->y; 58 | 59 | if (f2 < f1) 60 | deltaAngles = abs(f2 - f1); 61 | else 62 | deltaAngles = 360.0f - abs(f1 - f2); 63 | 64 | deltaAngles = 360.0f - deltaAngles; 65 | 66 | cmd->m_forwardmove = cos(DEG2RAD(deltaAngles)) * oldForward + cos(DEG2RAD(deltaAngles + 90.f)) * oldSide; 67 | cmd->m_sidemove = sin(DEG2RAD(deltaAngles)) * oldForward + sin(DEG2RAD(deltaAngles + 90.f)) * oldSide; 68 | } 69 | } 70 | -------------------------------------------------------------------------------- /src/utils/Memutils.cpp: -------------------------------------------------------------------------------- 1 | #include "m0dular/utils/memutils.h" 2 | #include "../globals.h" 3 | 4 | //TODO: Add thread-local process selection 5 | void ReadMem(void* destination, void* source, size_t size) 6 | { 7 | process->Read((uint64_t)source, destination, size); 8 | } 9 | 10 | void WriteMem(void* destination, void* source, size_t size) 11 | { 12 | process->Write((uint64_t)destination, source, size); 13 | } 14 | -------------------------------------------------------------------------------- /src/utils/Memutils.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include "vmread/hlapi/hlapi.h" 3 | #include "Logger.h" 4 | 5 | inline uintptr_t GetAbsoluteAddressVm( WinProcess &proc, uintptr_t instructionPtr, int offset, int size ) { 6 | if( !instructionPtr ){ 7 | return 0; 8 | } 9 | return instructionPtr + proc.Read( instructionPtr + offset ) + size; 10 | } 11 | -------------------------------------------------------------------------------- /src/utils/Wrappers.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "../globals.h" 4 | 5 | #include "../sdk/CBaseEntity.h" 6 | #include "../sdk/Vector.h" 7 | #include "../sdk/QAngle.h" 8 | #include "Logger.h" 9 | 10 | struct BoneMatrix { 11 | char __buff_0x00[0xC];//0x00 12 | float x;//0xC 13 | char __buff_0x10[0xC];//0x10 14 | float y;//0x1c 15 | char __buff_0x20[0xC];//0x20 16 | float z;//0x2c 17 | }; 18 | 19 | inline Vector GetBonePos(CBaseEntity &entity, int bone, const Vector &origin) { 20 | uintptr_t p_matrix = entity.boneMatrix; 21 | 22 | if (!p_matrix) 23 | return Vector(); 24 | 25 | BoneMatrix matrix = process->Read(p_matrix + bone * sizeof(BoneMatrix)); 26 | Vector bonePos = Vector(matrix.x, matrix.y, matrix.z); 27 | bonePos += origin; 28 | 29 | return bonePos; 30 | } 31 | 32 | inline uintptr_t GetEntityById(ssize_t ent) { 33 | uintptr_t baseEntity = process->Read(entList); 34 | 35 | if (!baseEntity || !ent) { 36 | return (uintptr_t) NULL; 37 | } 38 | 39 | return process->Read(entList + (ent << 5)); 40 | } 41 | 42 | inline uintptr_t GetActiveWeapon(CBaseEntity &entity) { 43 | uintptr_t weapon = entity.activeWeapon; 44 | if (!weapon) 45 | return 0; 46 | //Logger::Log("Weapon ptr: %p\n", (void*)weapon); 47 | 48 | weapon &= 0xFFFF; 49 | 50 | if (!weapon) 51 | return 0; 52 | //Logger::Log("ID: %i\n", weapon); 53 | 54 | return GetEntityById(weapon); 55 | } 56 | 57 | inline uintptr_t GetLocalPlayerById() { 58 | localPlayerId = process->Read(apexBase + 0x1060b44); // TODO: sig this 59 | 60 | for (int ent = 1; ent < 100; ent++) { 61 | uintptr_t entity = GetEntityById(ent); 62 | if (!entity) 63 | continue; 64 | 65 | int tmpId = process->Read(entity + 0x8); 66 | if (tmpId == localPlayerId) { 67 | return entity; 68 | } 69 | } 70 | return 0; 71 | } 72 | 73 | inline uintptr_t GetLocalPlayer() { 74 | //uintptr_t localPlayerPtr = process->Read(apexBase + 0x22E3078); 75 | //return localPlayerPtr; 76 | return GetLocalPlayerById(); 77 | } 78 | 79 | 80 | inline bool IsPlayer(uintptr_t entity) { 81 | char buffer[20]; 82 | VMemRead(&process->ctx->process, process->proc.dirBase, (uint64_t) buffer, process->Read(entity + 0x518), 20); 83 | if (buffer[0] == '\0') 84 | return false; 85 | 86 | return !strcmp(buffer, "player"); 87 | } 88 | 89 | inline bool IsProp(uintptr_t entity) { 90 | static bool doOnce = false; 91 | if (!doOnce) { 92 | doOnce = true; 93 | int entityCount = process->Read(apexBase + 0xC016EA0); 94 | for (int ent = 1; ent < entityCount; ent++) { 95 | char buffer[32]; 96 | uintptr_t p_entity = GetEntityById(ent); 97 | if (!p_entity) continue; 98 | 99 | VMemRead(&process->ctx->process, process->proc.dirBase, (uint64_t) buffer, process->Read(p_entity + 0x518), 20); 100 | 101 | int mask = process->Read(p_entity + 0x270); 102 | //Logger::Log("string: %s, id: %i, mask: %i\n", buffer, ent, mask); 103 | } 104 | 105 | } 106 | char buffer[20]; 107 | 108 | VMemRead(&process->ctx->process, process->proc.dirBase, (uint64_t) buffer, process->Read(entity + 0x518), 20); 109 | if (buffer[0] == '\0') 110 | return false; 111 | bool state = !strcmp(buffer, "prop_survival"); 112 | 113 | if (state) { 114 | //Logger::Log("%p is a prop\n", entity); 115 | } 116 | return state; 117 | } -------------------------------------------------------------------------------- /src/utils/minitrace.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #define MTR_SCOPED 4 | #include "m0dular/submodules/minitrace/minitrace.h" 5 | #ifdef MTR_ENABLED 6 | #define MTR_SCOPED_TRACE(cat, name) auto scopedTrace = MTRScopedTrace(cat, name); 7 | #else 8 | #define MTR_SCOPED_TRACE(cat, name) 9 | #endif 10 | --------------------------------------------------------------------------------