API tools faq
paste
Advertisement
TheRouletteBoi

AimBot

TheRouletteBoi
May 17th, 2015
1,736
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
C++ 13.14 KB | None | 0 0
raw download clone embed print report
  1. //Angles for those willing to make aimbots...
  2. //It doesn't work when in vehicle tho, I may give it a look later, and the pointer is constantly changing... Anyways, any Q feel //free to ask, It's kinda messy
  3. //Angles are in rads btw.
  4.  
  5. #define K_TPSCAMERATHISPTR               0x001DCF1B0
  6. #define K_FPSCAMERAANGLESOFFSET          0x001DCE670
  7. #define K_GETTPSCAMERAOFFSET             0x0027E5D0  
  8. //Weird class names, but as long as I understand them, it's aight for me...
  9.  
  10. ------------------------------------------------------------------------------------------------------------
  11. class CGameCameraAngles
  12. {
  13. public:
  14.     CCameraManagerAngles* pMyCameraManagerAngles; //0x0000
  15.     char _0x0008[56];
  16.  
  17. };//Size=0x0040
  18.  
  19. class CCameraManagerAngles
  20. {
  21. public:
  22.     CCameraAngles* pMyCameraAngles; //0x0000
  23.  
  24. };//Size=0x0008
  25.  
  26. class CCameraAngles
  27. {
  28. public:
  29.     char _0x0000[960];
  30.     CPlayerAngles* pMyFPSAngles; //0x03C0
  31.     char _0x03C8[16];
  32.     __int64 pTPSCamEDX; //0x03D8  // This is passed as second parameter to oGetTPSCamera
  33.     char _0x03E0[40];
  34.  
  35. };//Size=0x0408
  36.  
  37. class CPlayerAngles
  38. {
  39. public:
  40.     char _0x0000[64];
  41.     float fUnknwn_X; //0x0040  // Seems to change the X angle too but still weird
  42.     D3DXVECTOR3 vViewAngles; //0x0044
  43.     char _0x0050[64];
  44.  
  45. };//Size=0x0090  
  46.  
  47. ------------------------------------------------------------------------------------------------------------------
  48. .text:000000000027D2D4 sub_27D2D4      proc near               ; CODE XREF: .text:00000000007FB185p
  49. .text:000000000027D2D4                                         ; sub_8CF714+15Cp ...
  50. .text:000000000027D2D4
  51. .text:000000000027D2D4 arg_0           = qword ptr  8
  52. .text:000000000027D2D4
  53. .text:000000000027D2D4                 mov     [rsp+arg_0], rbx
  54. .text:000000000027D2D9                 push    rdi
  55. .text:000000000027D2DA                 sub     rsp, 20h
  56. .text:000000000027D2DE                 mov     rbx, rcx
  57. .text:000000000027D2E1                 mov     rdx, rcx //         QWORD qwEDX = pGameCam->pMyCameraManagerAngles->pMyCameraAngles->pTPSCamEDX;
  58. .text:000000000027D2E4                 mov     rcx, cs:TPSCAMERATHISPTR
  59. .text:000000000027D2EB                 call     oGetTPSCamera // Returns NULL if FPS Cam
  60. .text:000000000027D2F0                 mov     rcx, cs:TPSCAMERATHISPTR
  61. .text:000000000027D2F7                 mov     rdx, rbx
  62. .text:000000000027D2FA                 mov     rdi, rax
  63. .text:000000000027D2FD                 call    sub_27B334
  64. .text:000000000027D302                 mov     ecx, [rbx+1408h]
  65. .text:000000000027D308                 shr     ecx, 0Dh
  66. .text:000000000027D30B                 test    cl, 1
  67. .text:000000000027D30E                 jz      short loc_27D337
  68. .text:000000000027D310                 mov     rcx, cs:qword_1DCE690
  69. .text:000000000027D317                 cmp     byte ptr [rcx+2E7h], 0
  70. .text:000000000027D31E                 jnz     short loc_27D337
  71. .text:000000000027D320                 cmp     dword ptr [rcx+2E0h], 3
  72. .text:000000000027D327                 jz      short loc_27D337
  73. .text:000000000027D329                 add     rcx, 1F0h
  74. .text:000000000027D330                 call    sub_2536D4
  75. .text:000000000027D335                 jmp     short loc_27D3A5
  76. .text:000000000027D337 ; -------------------------------------------------------------.text:000000000027D337 loc_27D337:                             ; CODE XREF: sub_27D2D4+3Aj
  77. .text:000000000027D337                                         ; sub_27D2D4+4Aj ...
  78. .text:000000000027D337                 test    rdi, rdi
  79. .text:000000000027D33A                 jz      short loc_27D38E
  80. .text:000000000027D33C                 mov     rax, [rdi]
  81. .text:000000000027D33F                 mov     rcx, rdi
  82. .text:000000000027D342                 call    qword ptr [rax+28h] //             pPlayerAngles = (CPlayerAngles*)((LPVOID)(QWORD(pPlayerAngles) + 0x390));
  83.  
  84. .text:000000000027D345                 mov     rbx, rax
  85. .text:000000000027D348                 movss   xmm0, dword ptr [rax]  
  86.  
  87. -----------------------------------------------------------------------------------------------------------------------------
  88. typedef CPlayerAngles*(__fastcall* GetTPSCamera_t)(LPVOID pECX, LPVOID pEDX); // If NULL is returned, then We are on First Person.
  89. GetTPSCamera_t           oGetTPSCamera  = NULL;  
  90. ----------------------------------------------------------------------------------------------------------------------------
  91. CGameCameraAngles* pGameCamManager = (CGameCameraAngles*)(qBaseAddr + K_FPSCAMERAANGLESOFFSET);
  92. MyFunctions::oGetTPSCamera  = (GetTPSCamera_t)((QWORD)(qwGameBase + K_GETTPSCAMERAOFFSET));  
  93.  
  94. ---------------------------------------------------------------------------------------------------------------------------
  95. CPlayerAngles* MyFunctions::GetCurrentCamera()
  96. {
  97.     CPlayerAngles* pPlayerAngles = NULL;
  98.     CGameCameraAngles* pGameCam = MyVariables::pGameCamManager;
  99.     if (pGameCam)
  100.     {
  101.         QWORD qwEDX = pGameCam->pMyCameraManagerAngles->pMyCameraAngles->pTPSCamEDX;
  102.  
  103.         pPlayerAngles = oGetTPSCamera((LPVOID)*(QWORD*)(MyVariables::qBaseAddr + K_TPSCAMERATHISPTR), (LPVOID)qwEDX);
  104.         if (pPlayerAngles)
  105.         {
  106.             pPlayerAngles = (CPlayerAngles*)((LPVOID)(QWORD(pPlayerAngles) + 0x390));
  107.         }
  108.         else
  109.         {
  110.             pPlayerAngles = pGameCam->pMyCameraManagerAngles->pMyCameraAngles->pMyFPSAngles;
  111.         }
  112.     }
  113.         MyVariables::pPlayerAngles = pPlayerAngles; // Why not!
  114.         return pPlayerAngles;
  115. }  
  116.  
  117.  
  118. -----------------------------------------------------------------------------------------------------------------------------
  119. VOID MyFunctions::SetViewAngles(D3DXVECTOR3& vAngles)
  120. {
  121.    
  122.     GetCurrentCamera();
  123.     if (MyVariables::pPlayerAngles)
  124.     {
  125.         CPlayerAngles* pPlayerAngles = MyVariables::pPlayerAngles;
  126.  
  127.         pPlayerAngles->vViewAngles.x = vAngles.x;
  128.         pPlayerAngles->vViewAngles.y = vAngles.y;
  129.     }
  130. }  
  131. -----------------------------------------------------------------------------------------------------------------------------
  132. BOOL MyFunctions::GetViewAngles(D3DXVECTOR3& vAngles)
  133. {
  134.     BOOL bReturn = FALSE;
  135.     GetCurrentCamera();
  136.     if (MyVariables::pPlayerAngles)
  137.     {
  138.         vAngles = (MyVariables::pPlayerAngles->vViewAngles);
  139.         bReturn = TRUE;
  140.     }
  141.     return bReturn;
  142. }
  143. -----------------------------------------------------------------------------------------------------------------------------
  144. Signature:
  145. 57 48 83 EC 20 48 8B D9 48 8B D1 ? ? ? ? ? ? ? E8 ? ? ? ? ? ? ? ? ? ? ? 48 8B D3 48 8B F8 E8 ? ? ? ?
  146. Should show up two matches, they are all fine
  147.  
  148. Leads to:
  149. .text:000000000027D2D9                 push    rdi
  150. .text:000000000027D2DA                 sub     rsp, 20h
  151. .text:000000000027D2DE                 mov     rbx, rcx
  152. .text:000000000027D2E1                 mov     rdx, rcx //         QWORD qwEDX = pGameCam->pMyCameraManagerAngles->pMyCameraAngles->pTPSCamEDX;
  153. .text:000000000027D2E4                 mov     rcx, cs:TPSCAMERATHISPTR
  154. .text:000000000027D2EB                 call     oGetTPSCamera // Returns NULL if FPS Cam
  155. .text:000000000027D2F0                 mov     rcx, cs:TPSCAMERATHISPTR
  156.  
  157. -----------------------------------------------------------------------------------------------------------------------------
  158. ? ? ? ? ? ? ? 4A 8B 1C F0 48 85
  159. K_FPSCAMERAANGLESOFFSET    // Pointer to the CGameCameraAngles class, check my post above...
  160.  
  161. 57 48 83 EC 20 48 8B D9 48 8B D1 ? ? ? ? ? ? ? E8 ? ? ? ? ? ? ? ? ? ? ? 48 8B D3 48 8B F8 E8 ? ? ? ?
  162. K_TPSCAMERATHISPTR  // Value/Address passed as RDX ( SecondParameter ) to oGetTPSCamera  
  163. oGetTPSCamera addr will be found around the K_TPSCAMERATHISPTR addr, the function returns null if you're on first person
  164. ----------------------------------------------------------------------------------------------------------------------------
  165. //Sin and Cos vals switch between those two values aswel which means that the Yaw can be calculated this way:
  166.  
  167. //Get X Angle:
  168. // sin(alpha) = opposite/hyp
  169. vAngle.x = (vDist.y / f2DDistance);
  170. // I may be wrong but my guessing is that the yaw is nothing but the sin/cos of an angle and not the angle itself like we're used to in other games  
  171. //where vDist.y = vEnemy.y - vLocal.y ( worldposition, if you have bone pos, you could use it aswel)
  172. //and f2DDistance is the length of the 2D Vector position(X, Y)
  173.  
  174. //There are several values with the same sin and cos, but only one per quadrant so consider that when calculating the x angle...
  175.  
  176. //Hope you got my point, i'm rly bad explaining stuff... Try it out and let us know plz
  177. --------------------------------------------------------------------------------------------------------------------------------
  178. class CGameCameraAngles
  179. {
  180. public:
  181.     CCameraManagerAngles* pMyCameraManagerAngles; //0x0000
  182.     char _0x0008[56];
  183.  
  184. };//Size=0x0040
  185.  
  186. class CCameraManagerAngles
  187. {
  188. public:
  189.     CCameraAngles* pMyCameraAngles; //0x0000
  190.  
  191. };//Size=0x0008
  192.  
  193. class CCameraAngles
  194. {
  195. public:
  196.     char _0x0000[960];
  197.     CPlayerAngles* pMyFPSAngles; //0x03C0
  198.     char _0x03C8[16];
  199.     __int64 pTPSCamEDX; //0x03D8  // This is passed as second parameter to oGetTPSCamera
  200.     char _0x03E0[40];
  201.  
  202. };//Size=0x0408
  203.  
  204. class CPlayerCameraData
  205. {
  206. public:
  207.     char _0x0000[48];
  208.     float Fov_Zoom; //0x0030
  209.     char _0x0034[36];
  210.     __int32 m_ZoomState; //0x0058 1 = Normal, 0 = Zoom, 10000+ = FPS
  211.  
  212. };//Size=0x0548
  213.  
  214. class CPlayerAngles
  215. {
  216. public:
  217.     char _0x0000[16];
  218.     CPlayerCameraData* CamData; //0x0010
  219.     __int32 m_UnknownCounter; //0x0018
  220.     char _0x001C[20];
  221.     D3DXVECTOR3 weird_ViewAngles; //0x0030
  222.     char _0x003C[4];
  223.     float fUnknwn_X; //0x0040
  224.     D3DXVECTOR3 vViewAngles; //0x0044
  225. };//Size=0x0840
  226. Offsets for non-Steam
  227. -------------------------------------------------------------------------------------------------------------------------------
  228. #define K_TPSCAMERATHISPTR               0x001DCBD40
  229. #define K_FPSCAMERAANGLESOFFSET          0x001DCB200
  230. #define K_GETTPSCAMERAOFFSET             0x0027E06C
  231. -------------------------------------------------------------------------------------------------------------------------------
  232. World 2 Screen
  233.  
  234. bool Math::worldToScreen(CVector3 entityPosition, CVector3 &out){
  235.     D3DXVECTOR4 vUpward, vRight, vForward;
  236.     D3DXMATRIX  mView = matricManager->pMatrices->mViewMatrix;
  237.    
  238.  
  239.     D3DXMatrixTranspose(&mView, &mView);
  240.     vForward = D3DXVECTOR4(mView._41, mView._42, mView._43, mView._44);
  241.     vRight = D3DXVECTOR4(mView._21, mView._22, mView._23, mView._24);
  242.     vUpward = D3DXVECTOR4(mView._31, mView._32, mView._33, mView._34);
  243.  
  244.     out.z = (vForward.x * entityPosition.x) + (vForward.y * entityPosition.y) + (vForward.z * entityPosition.z) + vForward.w;
  245.     out.x = (vRight.x * entityPosition.x) + (vRight.y * entityPosition.y) + (vRight.z * entityPosition.z) + vRight.w;
  246.     out.y = (vUpward.x * entityPosition.x) + (vUpward.y * entityPosition.y) + (vUpward.z * entityPosition.z) + vUpward.w;
  247.     if (out.z < 0.001f)
  248.         return false;
  249.  
  250.     float invw = 1.0f / out.z;
  251.     out.x *= invw;
  252.     out.y *= invw;
  253.     int width = viewport.Width;
  254.     int height = viewport.Height;
  255.     float xTmp = width / 2;
  256.     float yTmp = height / 2;
  257.  
  258.     xTmp += (int)(0.5*out.x*width + 0.5);
  259.     yTmp -= (int)(0.5*out.y*height + 0.5);
  260.  
  261.     out.x += xTmp;
  262.     out.y = yTmp;
  263.  
  264.     return true;
  265. }
  266. ---------------------------------------------------------------------------------------------------------------------------------
  267. extern "C" void* GetBonePositionASM(CPlayer* pThis, D3DXVECTOR4& vBonePosition, D3DXVECTOR4* pBoneVec);  
  268. PHP Code:
  269. D3DXVECTOR4 MyFunctions::GetBonePosition(CPlayer* pThis, D3DXVECTOR4& vBone4D)
  270. {
  271.     __declspec(align(16)) D3DXVECTOR4 v3DBonePos;
  272.     __declspec(align(16)) D3DXVECTOR4 v4DBonePos;
  273.  
  274.     v4DBonePos = vBone4D;
  275.     GetBonePositionASM(pThis, v3DBonePos, &v4DBonePos);
  276.  
  277.     return v3DBonePos;
  278. }  
  279.  
  280. --------------------------------------------------------------------------------------------------------------------------------
  281. .data
  282. .code
  283. GetBonePositionASM proc
  284.  
  285. ; RCX = pThis
  286. ; RDX = &vBonePosition
  287. ; R8  = pBoneVec
  288.  
  289.     TEST   R8, R8
  290.     JZ     RETURN_NULL_PTR
  291.  
  292.     MOV    RAX, QWORD PTR[RCX+180h];
  293.     MOVAPS XMM1, XMMWORD PTR[R8];
  294.  
  295.     PSHUFD XMM2, XMM1, 000h;
  296.     PSHUFD XMM0, XMM1, 055h;
  297.  
  298.     MULPS  XMM2, XMMWORD PTR[RAX+000h];
  299.     MULPS  XMM0, XMMWORD PTR[RAX+010h];
  300.  
  301.     PSHUFD XMM1, XMM1, 0AAh;
  302.  
  303.     ADDPS  XMM2, XMMWORD PTR[RAX+030h];
  304.     MULPS  XMM1, XMMWORD PTR[RAX+020h];
  305.  
  306.     ADDPS  XMM2, XMM0;
  307.     ADDPS  XMM2, XMM1;
  308.  
  309.     MOVAPS XMMWORD PTR[RDX+000h], XMM2;
  310.  
  311. RETURN_NULL_PTR:
  312.     XOR    RAX, RAX;
  313.     RET;
  314.  
  315. GetBonePositionASM endp
  316. end  
  317. -----------------------------------------------------------------------------------------------------------------------------
  318. //usage
  319.  
  320. vBonePos3D = MyFunctions::GetBonePosition(pPlayer, pPlayer->vHead);
  321. if (MyFunctions::World2Screen(vBonePos3D, MyVariables::vScreenPos))
  322. -----------------------------------------------------------------------------------------------------------------------------
  323. Engine W2S sig: 48 89 5C 24 ? 55 56 57 48 83 EC 70 65 4C 8B 0C 25 ? ? ? ?
  324.  
  325. //( not tested )
  326. bool __fastcall WorldToScreen(Vec3 & worldPos, float & screenPosX, float & screenPosY )
  327. //or use native unk_0x1F950E4B which is world2screen
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!