ta_trainer Advanced Cheater Reputation: 0
Joined: 24 Dec 2006 Posts: 76
Posted: Sat Sep 26, 2015 7:56 am Post subject: [source] Aimbot Template in Lua |
Hi
I would like to contribute to the community with an aimbot source template in Lua script.
I have commented the code as much as I can.
If you understand the aimbot concept, then you should be able to make an aimbot for any game using the code below with slight modification.
Credit goes to Fleep on YouTube for explaining the concept. Check his YouTube channel "Guided Hacking".
This is working code for an MP FPS game whose name I cannot disclose, as MP cheats are not allowed. You could use it for SP FPS games too.
I have written the code from scratch, except for the support functions and the D3D code, which I gathered from the forum.
feel free to use the code and have fun
Code: |
Author: TA_Trainer. AKA Hasoon
--===========================================
--D3D stuff
--will display an "X" on screen indicating the distance of the closest enemy from crosshair
--the closer the "X" to crosshair, the close the enemy to you.
--===========================================
--Overlay setup: initialise the D3D hook, build a font map and create one text object ("X").
--Everything here runs once at script load; only the Y position is changed later (in debugger_onBreakpoint).
d3dhook_initializeHook()
--NOTE(review): createFont() is called twice in a row; the first object is overwritten by the second and never used.
font=createFont()
font = createFont()
font_setName(font, "Trebuchet MS")
font_setSize(font, 14)
font_setColor(font, 0x0000ff)
fontmap=d3dhook_createFontmap(font)
DisplayedTextObject=d3dhook_createTextContainer(fontmap,100,100,'X')
--The (0,0) position set here is superseded by the setX/setY calls three lines below,
--and the text "X" was already passed to d3dhook_createTextContainer above.
d3dhook_renderobject_setX(DisplayedTextObject, 0)
d3dhook_renderobject_setY(DisplayedTextObject, 0)
d3dhook_textcontainer_setText(DisplayedTextObject, "X")
--Centre of a hard-coded 1920x1080 frame; other resolutions are not handled anywhere in this script.
d3dhook_renderobject_setX(DisplayedTextObject, (1920.0/2.0))
d3dhook_renderobject_setY(DisplayedTextObject, (1080.0/2.0))
--===========================================
--Global Variables:
--===========================================
--Each entry of `address` starts as a byte-pattern string; FindBreakPointAddresses() later overwrites
--the entry in place with the result of scanning for that pattern, and adds address.Loop.
address = {} --breakpoint addresses
address.MyAngleAndPosition = "D9 87 1C 01 00 00 D9 45 AC" --This pattern is part of a managed .dll. can only be found in game match!
address.AllPlayersArray = "8B 41 10 8B 40 28 8B 49 14 8B 49 78" --This pattern is part of a managed .dll. can only be found in game match!
--The four tables below are placeholders; initialize() replaces them with fully populated tables.
PnO = {} --pointers and offsets of interest
aimBotInfo = {} --aimbot variables
myPlayer= {} -- my player variables
myEnemy = {} --my enemy variables
--===========================================
--functions directly related to hack
--===========================================
--initialize/reset global variables
--Rebuilds the four global state tables (PnO, aimBotInfo, myPlayer, myEnemy) with their default values.
--Called once from main() and again from debugger_onBreakpoint() when the EDI value captured at the
--MyAngleAndPosition breakpoint changes. Takes no arguments and returns nothing.
--Every `ptr` field starts at 0x0 and is filled in later by GetCPlayerData() / getMyPlayerInfo();
--the `offsetN` fields are the fixed offsets those functions add while walking the pointer chain.
function initialize()
PnO = { --pointers and offsets
--these are the variables that u need to find in order for the aimbot to work
--NOTE(review): the two register comments below were swapped in the original post. The code sets
--Base0 from EDI (MyAngleAndPosition) and Base1 from ECX (AllPlayersArray) in debugger_onBreakpoint().
Base0 = nil; --EDI from MyAngleAndPosition breakpoint
Base1 = nil; --ECX from AllPlayersArray breakpoint
BC = {ptr = 0x0, offset1 = 0x10}; -- this is botController pointer and offset from ECX
Client = {ptr = 0x0, offset1 = 0x14} ;--this is client pointer from ECX
CPlayerData = {ptr = 0x0, offset1 = 0x28} ;--from BC
myIndex = {ptr = 0x0, offset1 = 0x78}; --my player index, taken from Client
--for the per-player entries below, offset1 is added to CPlayerData.ptr + i*4 before the first dereference
name = {ptr = 0x0, offset1 = 0x10 , offset2 = 0x8 , offset3 = 0xc}; --from CPlayerData
team = {ptr = 0x0, offset1 = 0x10 , offset2 = 0x48 }; --from CPlayerData
isDead = {ptr = 0x0, offset1 = 0x10 , offset2 = 0x49 }; --from CPlayerData
isActive = {ptr = 0x0, offset1 = 0x10 , offset2 = 0x3c }; --from CPlayerData
POSX = {ptr = 0x0, offset1 = 0x10 , offset2 = 0x60 } ;--from CPlayerData
POSY = {ptr = 0x0, offset1 = 0x10 , offset2 = 0x64 }; --from CPlayerData
POSZ = {ptr = 0x0, offset1 = 0x10 , offset2 = 0x68 }; --from CPlayerData
--the entries below are plain offsets from Base0 (no dereference), see getMyPlayerInfo()
myPOSX = {ptr = 0x0, offset1 = 0x1a8}; --from MyAngleAndPosition breakpoint
myPOSY = {ptr = 0x0, offset1 = 0x1aC}; --from MyAngleAndPosition breakpoint
myPOSZ = {ptr = 0x0, offset1 = 0x1B0}; --from MyAngleAndPosition breakpoint
myAngleX = {ptr = 0x0, offset1 = 0x11C}; --from MyAngleAndPosition breakpoint
myAngleY = {ptr = 0x0, offset1 = 0x120}; --from MyAngleAndPosition breakpoint
}
aimBotInfo = {
enable = true;
index = nil; -- enemy index under target
distance = 1000.0; -- enemy distance (should hold minimum distance)
maxDistance = 110.0; -- max distance for the aimbot to work at ( i am setting it to my weapon max distance)
targetAngle = {x = 0.0,y = 0.0} ; --enemy target angles x,y
--the below are temporary aimbot data holding latest index,distance,angle. after 32 players been compared, the best will be copied to the above.
indexCounter = 0; --counter looping all 32 player (0 to 31)
tempIndex = -1; -- -1 means "no candidate found in this pass"
tempDistance = 1000; -- latest min distance found
tempAngle = {x = 0.0,y = 0.0} ; -- latest angle for latest min distance found
}
myPlayer= {
pointer= 0x0; --my player pointer
index = 0x0; -- my player index
POS = {x = 0.0, y = 0.0, z = 0.0}; -- my player position
team = 100; -- my team number (0 to 1); 100 is only the not-yet-read default
Name = "TA_Trainer"; -- my name in game
isDead = 1; -- is dead flag (1 = dead, 0 = alive)
anglePointer = {x = 0x0, y = 0x0}; -- pointer of my angle x,y
angle = {x = 0.0,y = 0.0} ; -- my targeting angle
}
myEnemy = {
pointer= 0x0; -- enemy pointer
POS = {x = 0.0, y = 0.0, z = 0.0}; --enemy position
team = 100; --enemy team
Name = "YouCanNotHide"; --enemy name
isDead = 1; -- enemy isDead flag
}
end
--calculate distance and angle from my vector to enemy vector
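-- Returns three values for the vector from startPOS to endPOS:
--   1. dist   - Euclidean length of the vector
--   2. angleX - elevation of the vector above the x/z plane, in degrees, negated
--   3. angleY - heading of the vector in the x/z plane, in degrees, measured as atan2(deltaX, deltaZ)
-- Both arguments are tables with numeric fields x, y and z; neither is modified.
-- 57.2957795 is the radians-to-degrees factor (180/pi).
-- All intermediates are declared local: the original assigned deltaX, deltaY, deltaZ, dist,
-- xzlength, angleX and angleY as globals, so every call overwrote same-named globals elsewhere.
function GetDistanceAndAngle(startPOS,endPOS)
    local deltaX = (endPOS.x - startPOS.x)
    local deltaY = (endPOS.y - startPOS.y)
    local deltaZ = (endPOS.z - startPOS.z)
    -- reuse the deltas instead of recomputing each subtraction
    local dist = math.sqrt(
        math.pow(deltaX, 2.0) +
        math.pow(deltaY, 2.0) +
        math.pow(deltaZ, 2.0))
    -- length of the vector's projection onto the x/z plane
    local xzlength = math.sqrt((deltaX * deltaX) + (deltaZ * deltaZ))
    local angleX = math.atan2(deltaY, xzlength) * (-57.2957795)
    local angleY = math.atan2(deltaX, deltaZ) * (57.2957795)
    return dist,angleX,angleY -- three results: distance, angle X and angle Y between the two vectors
end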
--get player info by index i
--Reads the record for player slot i out of the target process and stores it in the globals.
--  i: slot index (AimBot() passes 0..31).
--Returns true when the slot's isActive value reads as 1, false otherwise or when PnO.Base1 is unset.
--When the slot is active: if i is the local player's index, myPlayer.index/team/Name/isDead are
--refreshed; otherwise myEnemy.* is overwritten with that slot's data.
--All resolved addresses are cached in PnO.*.ptr, so they reflect only the most recent call.
--NOTE(review): no readPointer result is checked before being used as the base of the next read.
function GetCPlayerData(i)
--PnO.Base1 = ECX -- do not forget to set ECX from the breakpoint
if(PnO.Base1 ~= nil) then --only once the AllPlayersArray breakpoint has supplied Base1
PnO.BC.ptr = readPointer(PnO.Base1 + PnO.BC.offset1)
PnO.Client.ptr = readPointer(PnO.Base1 + PnO.Client.offset1)
PnO.CPlayerData.ptr = readPointer(PnO.BC.ptr + PnO.CPlayerData.offset1)
PnO.myIndex.ptr = PnO.Client.ptr + PnO.myIndex.offset1
--i*4 steps through the per-player entries; presumably an array of 4-byte pointers - TODO confirm
PnO.name.ptr = readPointer(readPointer(PnO.CPlayerData.ptr+i*4+PnO.name.offset1) + PnO.name.offset2)+PnO.name.offset3
PnO.team.ptr = readPointer(PnO.CPlayerData.ptr+i*4+PnO.team.offset1)+PnO.team.offset2
PnO.isDead.ptr = readPointer(PnO.CPlayerData.ptr+i*4+PnO.isDead.offset1)+PnO.isDead.offset2
PnO.isActive.ptr = readPointer(PnO.CPlayerData.ptr+i*4+PnO.isActive.offset1)+PnO.isActive.offset2
PnO.POSX.ptr = readPointer(PnO.CPlayerData.ptr+i*4+PnO.POSX.offset1)+PnO.POSX.offset2
PnO.POSY.ptr = readPointer(PnO.CPlayerData.ptr+i*4+PnO.POSY.offset1)+PnO.POSY.offset2
PnO.POSZ.ptr = readPointer(PnO.CPlayerData.ptr+i*4+PnO.POSZ.offset1)+PnO.POSZ.offset2
local myIndex = readInteger(PnO.myIndex.ptr)
if(readInteger(PnO.isActive.ptr) == 1) then
if(myIndex ~= i) then
--the literal 0x10 here equals the offset1 value used for the per-player fields above
myEnemy.pointer= PnO.CPlayerData.ptr+i*4+0x10;
myEnemy.POS.x = readFloat(PnO.POSX.ptr);
--the stored y is the value read plus 1.5; presumably a height offset above the stored position - TODO confirm
myEnemy.POS.y = readFloat(PnO.POSY.ptr)+1.5;
myEnemy.POS.z = readFloat(PnO.POSZ.ptr);
myEnemy.team = readBytes(PnO.team.ptr,1);
--NOTE(review): the name is read with a length of 512 here but 64 for the local player below
myEnemy.Name = readString(PnO.name.ptr,512,true);
myEnemy.isDead = readBytes(PnO.isDead.ptr,1);
else
--the local player's position and angles are not read here; getMyPlayerInfo() reads them from Base0
myPlayer.index = myIndex;
myPlayer.team = readBytes(PnO.team.ptr,1);
myPlayer.Name = readString(PnO.name.ptr,64,true);
myPlayer.isDead = readBytes(PnO.isDead.ptr,1);
end
return true
else
return false
end
else
return false
end
end
--get my player info
--Refreshes the local player's position and view angles from memory at fixed offsets from PnO.Base0.
--Does nothing while PnO.Base0 is nil (i.e. before the MyAngleAndPosition breakpoint has fired).
--Takes no arguments and returns nothing; results go to myPlayer.pointer, .POS, .anglePointer and .angle.
function getMyPlayerInfo()
--PnO.Base0 = EDI
if(PnO.Base0 ~= nil) then
--plain base + offset arithmetic: unlike GetCPlayerData(), nothing is dereferenced to reach these fields
PnO.myPOSX.ptr = PnO.Base0 + PnO.myPOSX.offset1
PnO.myPOSY.ptr = PnO.Base0 + PnO.myPOSY.offset1
PnO.myPOSZ.ptr = PnO.Base0 + PnO.myPOSZ.offset1
PnO.myAngleX.ptr = PnO.Base0 + PnO.myAngleX.offset1
PnO.myAngleY.ptr = PnO.Base0 + PnO.myAngleY.offset1
myPlayer.pointer= PnO.Base0;
myPlayer.POS = {x = readFloat(PnO.myPOSX.ptr), y = readFloat(PnO.myPOSY.ptr), z = readFloat(PnO.myPOSZ.ptr)};
--anglePointer holds the addresses that debugger_onBreakpoint() later passes to writeFloat()
myPlayer.anglePointer = {x = PnO.myAngleX.ptr, y = PnO.myAngleY.ptr};
myPlayer.angle = {x = readFloat(PnO.myAngleX.ptr),y = readFloat(PnO.myAngleY.ptr)} ;
--print(string.format("myPlayer.pointer =%X | myPOSX =%X | myPOSY =%X | myPOSZ =%X | myAngleX.ptr =%X | myAngleY.ptr =%X | X = %f | Y = %f | Z %f | angX %f | angY %f",myPlayer.pointer,PnO.myPOSX.ptr,PnO.myPOSY.ptr,PnO.myPOSZ.ptr,PnO.myAngleX.ptr,PnO.myAngleY.ptr,myPlayer.POS.x,myPlayer.POS.y,myPlayer.POS.z,myPlayer.angle.x,myPlayer.angle.y))
end
end
--aimbot logic!
--One step of an incremental scan over the 32 player slots: each call examines exactly one slot
--(aimBotInfo.indexCounter) and then advances the counter, so a full pass takes 32 calls.
--Returns true only on the call that processes slot 31 AND only if some slot in that pass qualified;
--every other call returns false.
--A slot qualifies when it is active, both players read as alive, the teams differ, it is not the
--local player, and its distance is both the smallest seen in this pass and within maxDistance.
--On a successful pass the best slot's index, distance and angles are copied into
--aimBotInfo.index / .distance / .targetAngle.
--NOTE(review): targetFound, tempDistance, tempAngleX and tempAngleY are assigned without `local`,
--so they are globals shared with the rest of the script.
function AimBot()
targetFound = false
if(aimBotInfo.enable and (PnO.Base0~=nil) and (PnO.Base1~=nil)) then
if (GetCPlayerData(aimBotInfo.indexCounter)) then
--myEnemy.* holds the previous slot's data when the current slot is the local player,
--hence the explicit indexCounter ~= myPlayer.index test at the end of the condition
if ((myEnemy.isDead == 0) and (myPlayer.isDead == 0) and (myEnemy.team ~= myPlayer.team) and (aimBotInfo.indexCounter ~= myPlayer.index)) then
tempDistance, tempAngleX, tempAngleY = GetDistanceAndAngle(myPlayer.POS, myEnemy.POS)
if(tempDistance < aimBotInfo.tempDistance and tempDistance <= aimBotInfo.maxDistance) then
aimBotInfo.tempIndex = aimBotInfo.indexCounter
aimBotInfo.tempDistance = tempDistance
aimBotInfo.tempAngle.x = tempAngleX
aimBotInfo.tempAngle.y = tempAngleY
end
end
end
if(aimBotInfo.indexCounter == 31) then --finished passing all players, now copy best result to aimBot
if(aimBotInfo.tempIndex ~= -1)then
targetFound = true
aimBotInfo.index = aimBotInfo.tempIndex --this can be used if wanted to get more info about the enemy, like pos,name,team...etc
aimBotInfo.distance = aimBotInfo.tempDistance
aimBotInfo.targetAngle.x = aimBotInfo.tempAngle.x
aimBotInfo.targetAngle.y = aimBotInfo.tempAngle.y
end
--reset
aimBotInfo.tempDistance = 1000.0; --set it to max for next loop (32)
aimBotInfo.indexCounter = -1 -- reset the loop (-1, not 0, because the increment right after this block brings it back to 0)
aimBotInfo.tempIndex = -1
end
aimBotInfo.indexCounter = aimBotInfo.indexCounter + 1
end
--only return true if there is at least one valid enemy index
if(targetFound) then
return true
else
return false
end
end
--===========================================
--Support Functions
--===========================================
--AoB Scanner
--Scans the target's memory for a byte pattern and returns the single result of the scan.
--  pattern: array-of-bytes string such as "8B 41 10 ..."
--The caller (FindBreakPointAddresses) treats a nil return as "pattern not found".
--The scan is configured to stop at the first match (memscan_returnOnlyOneResult) and blocks until
--it completes (memscan_waitTillDone).
--NOTE(review): the memscan object created here is not destroyed anywhere in this script.
function AOBScan2(pattern)
local startaddr = 0x00000000
local endaddr = 0xFFFF00000 --NOTE(review): nine hex digits as written, i.e. above the 32-bit range
local memscan = createMemScan()
memscan_returnOnlyOneResult(memscan, true)
--"*X*W*C" is the memory-protection filter string; presumably "any" for execute/write/copy-on-write - TODO confirm
memscan_firstScan(memscan, soExactValue, vtByteArray, 0, pattern, "", startaddr, endaddr, "*X*W*C", 0, "", true, true, false, false)
memscan_waitTillDone(memscan)
return memscan_getOnlyResult(memscan)
end
--find breakpoints from patterns and print the results
--Resolves every pattern in the global `address` table to a memory address and prints the outcome.
--Each entry is overwritten in place with the scan result, so the original pattern string is gone
--afterwards (and the entry becomes nil when the scan finds nothing).
--Finally adds address.Loop, resolved by symbol name rather than by pattern.
--Takes no arguments and returns nothing.
function FindBreakPointAddresses()
for k,v in pairs(address) do
address[k] = AOBScan2(v)
if address[k] == nil then
print("Error: couldnt find AOB " .. v)
else
print(string.format("%s @ 0x%X",k,address[k]))
end
end
--assigned after the loop, so the Loop entry is never passed through AOBScan2 on this run
address.Loop=getAddress("main.Transform::GetPosition")-- add static addresses here
end
---------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------
-- On Breakpoint Stuff - The real stuff
---------------------------------------------------------------------------------------
--Breakpoint callback; dispatches on EIP against the three addresses armed in main():
--  AllPlayersArray    -> capture ECX into PnO.Base1
--  MyAngleAndPosition -> capture EDI into PnO.Base0, resetting all state if EDI changed
--  Loop               -> advance the scan one slot and, when a target was selected while the right
--                        mouse button is down, overwrite the local player's two view-angle floats
--Every path returns 1; presumably this tells the debugger to continue without breaking - TODO confirm.
--Observable footprint: debugger breakpoints on three code addresses in the target, and writeFloat()
--calls into the player's angle fields originating from outside the game's own code.
function debugger_onBreakpoint()
---------------------------------------------------------
if(EIP == address.AllPlayersArray) then
PnO.Base1 = ECX
return 1
---------------------------------------------------------
elseif (EIP == address.MyAngleAndPosition) then
if(PnO.Base0 == nil) then --on first time, just set it to EDI
PnO.Base0 = EDI
elseif(PnO.Base0 ~= EDI) then --if it has changed (i.e joined a different match...etc)
initialize() --reset the whole thing (this also clears PnO.Base1 until AllPlayersArray fires again)
PnO.Base0 = EDI
end
return 1
---------------------------------------------------------
elseif(EIP == address.Loop) then
--the local player's position/angles are re-read only at the start of each 32-slot pass
if(aimBotInfo.indexCounter == 0 ) then getMyPlayerInfo() end
--AimBot() is evaluated first, so the scan advances on every hit whether or not the button is held
if (AimBot() and isKeyPressed(VK_RBUTTON)) then
writeFloat(myPlayer.anglePointer.x, aimBotInfo.targetAngle.x )
writeFloat(myPlayer.anglePointer.y, aimBotInfo.targetAngle.y )
d3dhook_renderobject_setY(DisplayedTextObject, (1080/2)+aimBotInfo.distance) --draw X from center of the screen + enemy distance as offset
end
return 1
end
return 1
end
---------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------
-- Finally - Set the breakpoints here to trigger the hack
---------------------------------------------------------------------------------------
--Entry point: resumes the target, resolves the three breakpoint addresses, clears any breakpoints
--left on them, resets the script state and then arms the breakpoints that drive
--debugger_onBreakpoint(). Takes no arguments and returns nothing.
--NOTE(review): the addresses are passed to debug_removeBreakpoint/debug_setBreakpoint without a nil
--check, although FindBreakPointAddresses() leaves an entry nil when its pattern is not found.
function main()
unpause()
print("Game Version: " .. "My secret game! v0.0")
print("Lua Script: " .. "1.0v" .."\n")
FindBreakPointAddresses()
--remove first, presumably so that re-running the script does not stack breakpoints - TODO confirm
debug_removeBreakpoint(address.MyAngleAndPosition);
debug_removeBreakpoint(address.AllPlayersArray);
debug_removeBreakpoint(address.Loop);
--state is reset before the breakpoints are armed, so the first callback sees Base0/Base1 == nil
initialize()
debug_setBreakpoint(address.MyAngleAndPosition);
debug_setBreakpoint(address.AllPlayersArray);
debug_setBreakpoint(address.Loop);
end
--run the script
main()
--------------------------------------------------------------------------------------- |