diff options
| author | Toni Uhlig <matzeton@googlemail.com> | 2018-07-02 01:06:39 +0200 |
|---|---|---|
| committer | Toni Uhlig <matzeton@googlemail.com> | 2018-07-02 03:08:59 +0200 |
| commit | c2a2445897af17adb56a32dcf111312763a575d4 (patch) | |
| tree | ad459cdd682aff3a011d11b6f2a3c518c60dec6a /csgo_radar | |
initial commit
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'csgo_radar')
| -rwxr-xr-x | csgo_radar/.gitignore | 5 | ||||
| -rw-r--r-- | csgo_radar/Makefile | 22 | ||||
| -rwxr-xr-x | csgo_radar/csgo.cbp | 55 | ||||
| -rwxr-xr-x | csgo_radar/main.c | 820 |
4 files changed, 902 insertions, 0 deletions
diff --git a/csgo_radar/.gitignore b/csgo_radar/.gitignore new file mode 100755 index 0000000..7728fbf --- /dev/null +++ b/csgo_radar/.gitignore @@ -0,0 +1,5 @@ +/csgo.depend +/csgo.layout +/bin +*.o +*.exe diff --git a/csgo_radar/Makefile b/csgo_radar/Makefile new file mode 100644 index 0000000..f569cca --- /dev/null +++ b/csgo_radar/Makefile @@ -0,0 +1,22 @@ +CC = i686-w64-mingw32-gcc +CXX = i686-w64-mingw32-g++ +CFLAGS := -Iinclude -Os -s -Wall -fvisibility=hidden -ffunction-sections -fdata-sections -ffast-math -fomit-frame-pointer -fexpensive-optimizations -Wl,--gc-sections -m32 -static -static-libgcc -static-libstdc++ +LDFLAGS := + + +all: csgo_radar + +%.o: %.c + @echo 'Building file: $<' + @echo 'Invoking: GCC C Compiler' + $(CC) $(CFLAGS) -D_GNU_SOURCE=1 -DPSAPI_VERSION=1 -DUNICODE=1 -std=gnu99 $(CFLAGS) -c -fmessage-length=0 -MMD -MP -MF"$(@:%.o=%.d)" -MT"$(@:%.o=%.d)" -o $@ $< + @echo 'Finished building: $<' + @echo ' ' + + +csgo_radar: main.o + @echo 'Building target: $@' + @echo 'Invoking: GCC C Linker' + $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $^ -lpsapi + @echo 'Finished building target: $@' + @echo ' ' diff --git a/csgo_radar/csgo.cbp b/csgo_radar/csgo.cbp new file mode 100755 index 0000000..d826159 --- /dev/null +++ b/csgo_radar/csgo.cbp @@ -0,0 +1,55 @@ +<?xml version="1.0" encoding="UTF-8" standalone="yes" ?> +<CodeBlocks_project_file> + <FileVersion major="1" minor="6" /> + <Project> + <Option title="csgo_hack" /> + <Option pch_mode="2" /> + <Option compiler="gcc" /> + <Build> + <Target title="stable"> + <Option output="bin/stable" prefix_auto="1" extension_auto="1" /> + <Option object_output="obj/" /> + <Option type="1" /> + <Option compiler="gcc" /> + </Target> + <Target title="dev"> + <Option output="bin/dev" prefix_auto="1" extension_auto="1" /> + <Option object_output="obj/" /> + <Option type="1" /> + <Option compiler="gcc" /> + <Compiler> + <Add option="-g" /> + <Add option="-DENABLE_DEBUG=1" /> + </Compiler> + </Target> + <Target title="hRadar"> + <Option output="csgo_hack" prefix_auto="1" extension_auto="1" /> + <Option type="0" /> + <Option compiler="gcc" /> + <Compiler> + <Add option="-DENABLE_HRADAR=1" /> + </Compiler> + </Target> + </Build> + <Compiler> + <Add option="-Wmain" /> + <Add option="-Wall" /> + <Add option="-DPSAPI_VERSION=1 -DUNICODE=1 -D_UNICODE=1" /> + </Compiler> + <Linker> + <Add option="-static-libgcc -static" /> + <Add library="C:\MinGW\lib\libpsapi.a" /> + <Add library="C:\MinGW\lib\libkernel32.a" /> + </Linker> + <Unit filename="main.c"> + <Option compilerVar="CC" /> + <Option target="stable" /> + <Option target="dev" /> + </Unit> + <Extensions> + <code_completion /> + <envvars /> + <debugger /> + </Extensions> + </Project> +</CodeBlocks_project_file> diff --git a/csgo_radar/main.c b/csgo_radar/main.c new file mode 100755 index 0000000..82dbb8b --- /dev/null +++ b/csgo_radar/main.c @@ -0,0 +1,820 @@ +/***************************************** + * Simple CS:GO ExternalRadar/(InGameRadar)Hack/MemDumper + * + * 1. playing fair is for loosers + * 2. fuck your moral! + * 3. goto 1 + * + * coded by lnslbrty/dev0, \x90 + * + * recommendations (mingw32): + * CFLAGS=-Wall -DPSAPI_VERSION=1 -DUNICODE=1 -D_UNICODE=1 + * LDFLAGS=-static-libgcc -static [PATH_TO_LIBPSAPI].a [PATH_TO_LIBKERNEL32].a + * Windows PowerShell as Terminal Emulator + *****************************************/ + + +#include <stdio.h> +#include <wchar.h> +#include <windows.h> +#include <tchar.h> +#include <psapi.h> +#include <string.h> +#include <math.h> + + +#define BPATTERN_SIZ(pat) (sizeof(pat)/sizeof(pat[0])) + +/* memory scanning pattern for BASEPOINTER */ +#define ENT_BASEPTR_PATTERN { 0xC1, 0xE6, 0x04, 0x81, 0xC6, 0x00, 0x00, 0x00, 0x00, 0x89, 0x45, 0xFC, 0x89, 0x06 } +#define ENT_BASEPTR_MASK "xxxxx????xxxxx" +#define ENT_BASEPTR_OFFPOS 0x5 +#define ENT_BASEPTR_OFFSIZ 0x10 +/* " LOCALPLAYER which should be usually YOU */ +#define LOCLPLY_PATTERN { 0x03, 0xC0, 0xD5 } +#define LOCLPLY_MASK "xxx" +#define LOCLPLY_OFFPOS 0x10 +/* " RADAR */ +#define RADROFF_PATTERN { 0x44, 0xC0, 0xFF, 0xFF, 0xB8, 0x1D, 0xFF, 0xFF, 0xE8, 0xED, 0xFF, 0xFF, 0xE0, 0xCE } +#define RADROFF_MASK "xx??xx??xx??xx" +#define RADROFF_OFFPOS 0x8C + +/* offsets */ +/* adr: [client.dll + ENTBASE + (ENTLOOP * entidx)] */ +#define ENTLOOP 0x10 // ENTITY POINTER are stored in a field with size 0x10 per entry +/* adr: [entity_adr + TEAMOFF] */ +#define TEAMOFF 0xF0 // Team? Terror? Counter? Spectator? +#define HLTHOFF 0xFC // current health of the entity +#define STTSOFF 0x100 // what does the entity do? crouching? sneaky peaky? +#define ENTPOSA 0x134 // entity position which is a FLOAT[3] +#define ENTVELA 0x110 // entity velocity +#define ENTSPOT 0x935 // is entity spotted? (WRITEABLE!) +#define AWPNOFF 0x12C0 // current weapon offset +#define WEPONID 0x1684 // weapon id: [ [AWPNOFF] + WEPONID ] +#define RADRPTR 0x50 // RADAR POINTER +#define RADNAME 0x24 // name of the radar entity +#define RADSIZE 0x1E0 // radar size is used for looping through the list of radar entities (see ENTLOOP) +#define VECPUNC 0x13DC // PUNCH VECOTR when some1 or smth hits you (WRITEABLE!) +#define ACCPENL 0x1668 // ACCURACY PENALITY (not WRITEABLE anymore -> is done server side) +#define AIMANGL 0x239C // entity AIMING ANGLE +#define ACCOUNT 0x238C // MONEY MONEY MONEY ... +#define ARMORVL 0x2398 // current ARMOE value +#define FLASHAL 0x1da0 // ALPHA value if you get hit by a FLASHBANG (TODO: USE IT FOR HACKING FLASHBANGS!) + +#define AIMANGL_MINY -89.0f +#define AIMANGL_MAXY 89.0f +#define AIMANGL_MINX -180.0f +#define AIMANGL_MAXX 180.0f + +#define PROCLEN 256 +#define MAXPLAYER 32 +#define MAXNAMELEN 32 +#define RAD_ENEMY_DIST 1000.0f + + +#define ENTOFF(idx) (DWORD)(baseEntAdr+(ENTLOOP*idx)) +#define GET_ENTITY(dllBaseAdr, eidx) readPtr(dllBaseAdr, ENTOFF(eidx)) +#define readMem(baseAdr, data, siz) _readMem(baseAdr, data, siz, __FILE__, __LINE__) +#define readPtr(baseAdr, offset) _readPtr(baseAdr, (DWORD) offset, __FILE__, __LINE__) + +#ifdef ENABLE_DEBUG +#define DEBUG_VAR pfile +#define DEBUG_FILE "./log.txt" +static FILE *DEBUG_VAR = NULL; +#define DEBUG_INIT DEBUG_VAR = fopen(DEBUG_FILE,"a+"); if (DEBUG_VAR == NULL) perror("fopen"); +#define DEBUG_LOG(msg, ...) fprintf(DEBUG_VAR, "[%s:%d] ", __FILE__, __LINE__); fprintf(DEBUG_VAR, msg, __VA_ARGS__); +#define WDEBUG_LOG(msg, ...) fwprintf(DEBUG_VAR, L"[%hs:%d] ", __FILE__, __LINE__); fwprintf(DEBUG_VAR, msg, __VA_ARGS__); +#define DEBUG_FLUSH fflush(DEBUG_VAR); +#define DEBUG_CLOSE fclose(DEBUG_VAR); +#else +#define DEBUG_VAR pfile +#define DEBUG_FILE +#define DEBUG_INIT +#define DEBUG_LOG(msg, ...) +#define WDEBUG_LOG(msg, ...) +#define DEBUG_FLUSH +#define DEBUG_CLOSE +#endif // ENABLE_DEBUG + + +/* structure for storing pointers to values */ +struct off_ent +{ + BOOL valid; + LPCVOID entBase; + LPCVOID statusAdr; + LPCVOID teamAdr; + LPCVOID healthAdr; + LPCVOID posAdr; + LPCVOID radAdr; + LPCVOID wpnAdr; + LPCVOID sptAdr; + LPCVOID velAdr; + LPCVOID accAdr; + LPCVOID armAdr; +}; +struct off_ent oe[MAXPLAYER]; + +/* weapon specific stuff like ID and NAME */ +#define WPNLEN 5 +struct weapon_class +{ + UINT8 wid; + const wchar_t name[WPNLEN+1]; +}; +#define WP(id,nm) { id, nm } +struct weapon_class wpns[] = +{ + WP(0 ,L"NONE"), WP(1 ,L"DGLE"), WP(4 ,L"GL18"), WP(2 ,L"DUAL"), WP(36,L"P250"), + WP(30,L"TEC9"), WP(35,L"NOVA"), WP(25,L"XM10"), WP(29 ,L"SAWD"), WP(14,L"M249"), + WP(28,L"NEGV"), WP(17,L"MAC1"), WP(33,L" MP7"), WP(24 ,L" UMP"), WP(19,L" P90"), + WP(26,L"BZON"), WP(42,L"KNFE"), WP(49,L"BOMB"), WP(13 ,L"GLIL"), WP(39,L"SG53"), + WP(7, L"AK47"), WP(9 ,L"*AWP"), WP(11,L"AUTO"), WP(31 ,L"ZEUS"), WP(44,L"GRND"), + WP(43,L"FLSH"), WP(47,L"DCOY"), WP(46,L"MOLO"), WP(255,L"NONE"), WP(32,L" P2k"), + WP(8 ,L"BULL"), WP(16,L"M4A1"), WP(45,L"SMKE"), WP(3 ,L"5SVN"), WP(27,L"MAG7"), + WP(34,L" MP9"), WP(10,L"FMAS"), WP(38,L"SCAR"), WP(40 ,L" SSG"), WP(48,L"INCD") +}; + +/* the team */ +#define TEAMLEN 5 +enum team +{ + TEAM_NONE = 0, + TEAM_SPECTATOR = 1, + TEAM_TERROR = 2, + TEAM_COUNTER = 3, + TEAM_MAX +}; +char team_names[TEAM_MAX][TEAMLEN+1] = { "NONE", "SPEC", "TERR", "CNTR" }; + +#define ST_SPOTTED 1 + +/* these are the players (in this case) */ +struct g_entity +{ + UINT8 p_team; + UINT32 p_health; + UINT32 p_status; + FLOAT p_pos[3]; + FLOAT p_vel[3]; + wchar_t p_name[MAXNAMELEN+1]; + UINT32 p_wpn; + UINT32 p_spot; + UINT32 p_acct; + UINT32 p_armr; +}; +struct g_entity ge[MAXPLAYER]; // not sure if MAXPLAYER is the correct num, but it works + + +static const int loopDelay = 15; +static const int printDelayFact = 10; +static const int offRescanDelayFact = 250; +static HANDLE hProcess; +static LPCVOID baseEntAdr = NULL, baseLclAdr = NULL, baseRdrAdr = NULL; +static LPCVOID localPlayerAdr = NULL; +static LPCVOID localPlayerPncAdr = NULL; +static LPCVOID localPlayerAccAdr = NULL; +static LPCVOID localPlayerAimAdr = NULL; +static LPCVOID localPlayerFlsAdr = NULL; +static FLOAT vecPunch[2] = { 0.0f, 0.0f }; +static FLOAT accuracyPenalty = 0.0f; +static FLOAT aimAngle[2] = { 0.0f, 0.0f }; +static FLOAT flashAlpha = 0.0f; // TODO: disable Flashbangs ;) +static struct g_entity *localPlayer = NULL; + + +static void clrscr(void) +{ + HANDLE hStdOut; + CONSOLE_SCREEN_BUFFER_INFO csbi; + DWORD count; + DWORD cellCount; + COORD homeCoords = { 0, 0 }; + + hStdOut = GetStdHandle( STD_OUTPUT_HANDLE ); + if (hStdOut == INVALID_HANDLE_VALUE) return; + if (!GetConsoleScreenBufferInfo( hStdOut, &csbi )) return; + cellCount = csbi.dwSize.X *csbi.dwSize.Y; + if (!FillConsoleOutputCharacter( + hStdOut, + (TCHAR) ' ', + cellCount, + homeCoords, + &count + )) return; + if (!FillConsoleOutputAttribute( + hStdOut, + csbi.wAttributes, + cellCount, + homeCoords, + &count + )) return; + SetConsoleCursorPosition( hStdOut, homeCoords ); +} + +static inline LPCVOID calcOffset(LPCVOID baseAdr, DWORD offset) +{ + LPCVOID adr = (LPCVOID)( (size_t)baseAdr+(size_t)offset ); + return adr; +} + +static inline BOOL _readMem(LPCVOID adr, PVOID data, DWORD siz, char *srcFile, size_t lineNmb) +{ + SIZE_T rpmBytesRead = 0; + if ( ReadProcessMemory( hProcess, adr, data, siz, &rpmBytesRead ) == FALSE ) + { + DWORD errCode = GetLastError(); + printf( "\n[%s:%lu] ReadProcessMemory@(0x%p) FAILED (read: %lu/%lu byte) with ERROR code: %ld!\n", srcFile, (long unsigned int) lineNmb, adr, rpmBytesRead, siz, errCode ); + if (errCode == 299) + { + fprintf(stderr, "I don't know what to do ... exiting!\n"); + exit(1); + } + return FALSE; + } + return TRUE; +} + +static inline LPCVOID _readPtr(LPCVOID baseAdr, DWORD offset, char *srcFile, size_t lineNmb) +{ + LPCVOID adr = calcOffset( (DWORD *) baseAdr, offset ); + LPCVOID ptr; + if (_readMem(adr, &ptr, sizeof(LPCVOID), srcFile, lineNmb) == TRUE) + { + return ptr; + } + return NULL; +} + +static SIZE_T findPattern(BYTE *b, const BYTE *p, const char *mask, SIZE_T b_siz, SIZE_T pm_siz) +{ + SIZE_T i,j; + + j = 0; + for (i = 0; i < b_siz; i++) + { + if ( *(char *)(mask + j) == 'x' ) + { + if ( *(BYTE *)(b + i) == *(BYTE *)(p + j) ) + { + j++; + if ( j == pm_siz ) return (i - pm_siz + 1); + } + else + { + j = 0; + } + } + else j++; + if (j == pm_siz) + { + j = 0; + } + } + return i; +} + +static LPCVOID getBaseAdr(LPCVOID startAdr, BYTE *buf, SIZE_T siz, const BYTE *pat, const char *mask, const SIZE_T pm_siz, const SIZE_T off_pos) +{ + SIZE_T pos = 0; + + if ( (pos = findPattern(&buf[0], &pat[0], &mask[0], siz, pm_siz)) <= (siz - pm_siz) ) + { + pos += off_pos; + } + else + { + DEBUG_LOG("Could not find base pointer: %lu/%lu\n", pos, siz); + DEBUG_LOG(" Mask : %s\n", mask); + DEBUG_FLUSH + return 0x0; + } + return ( (LPCVOID) pos ); +} + +static UINT8 getEntityCount(struct off_ent *oe, LPCVOID dllBaseAdr, char *printable_name, UINT8 *invalid_ents) +{ + LPCVOID entAdr; + int i; + (*invalid_ents) = 0; + for (i = 0; i < MAXPLAYER; i++) + { + entAdr = GET_ENTITY( dllBaseAdr, i ); + if (entAdr == NULL) + { + (*invalid_ents)++; + oe[i].valid = FALSE; + continue; + } + else + { + oe[i].valid = TRUE; + } + } + if ( (*invalid_ents) == (UINT8) MAXPLAYER ) return 0xFF; + return i; +} + +static BOOL getEntityOffs(LPCVOID dllBaseAdr, int eidx, struct off_ent *e) +{ + BOOL ret = TRUE; + LPCVOID adr; + LPCVOID data; + if ( (data = GET_ENTITY( dllBaseAdr, eidx )) != NULL) + { + if (e->entBase != data) + { + WDEBUG_LOG( L"ENTITY(%d) BASE ADR CHANGED: [0x%p + 0x%08X] = 0x%p\n", eidx, dllBaseAdr, (unsigned int)ENTOFF(eidx), data); + } + e->entBase = data; + e->teamAdr = calcOffset( data, TEAMOFF ); + e->healthAdr = calcOffset( data, HLTHOFF ); + e->statusAdr = calcOffset( data, STTSOFF ); + e->posAdr = calcOffset( data, ENTPOSA ); + e->wpnAdr = calcOffset( data, AWPNOFF ); + e->sptAdr = calcOffset( data, ENTSPOT ); + e->velAdr = calcOffset( data, ENTVELA ); + e->accAdr = calcOffset( data, ACCOUNT ); + e->armAdr = calcOffset( data, ARMORVL ); + } + else + { + WDEBUG_LOG( L"ENTITY(%d) BASE ADR INVALID: [0x%p + 0x%08X]\n", eidx, dllBaseAdr, (unsigned int)ENTOFF(eidx) ); + ret &= FALSE; + } + if ( (data = readPtr( dllBaseAdr, baseRdrAdr )) != NULL) + { + adr = calcOffset( data, RADRPTR ); + if (readMem(adr, &data, sizeof(data)) == TRUE) + { + adr = calcOffset( data, (RADSIZE * (eidx + 1)) + RADNAME ); + e->radAdr = adr; + } + } + else ret &= FALSE; + if ( localPlayerAdr == NULL && (data = readPtr( dllBaseAdr, baseLclAdr )) != NULL ) + { + localPlayerAdr = data; + localPlayerAccAdr = calcOffset( localPlayerAdr, ACCPENL ); + localPlayerPncAdr = calcOffset( localPlayerAdr, VECPUNC ); + localPlayerAimAdr = calcOffset( localPlayerAdr, AIMANGL ); + localPlayerFlsAdr = calcOffset( localPlayerAdr, FLASHAL ); + } + return ret; +} + +static BOOL getEntityInfo(LPCVOID dllBaseAdr, struct off_ent *oe, struct g_entity *ge) +{ + BOOL ret = TRUE; + LPCVOID data, adr; + float tmpAngl[2]; + + ret &= readMem(oe->teamAdr, &ge->p_team, sizeof(UINT32)); + ret &= readMem(oe->healthAdr, &ge->p_health, sizeof(UINT32)); + ret &= readMem(oe->statusAdr, &ge->p_status, sizeof(UINT8)); + ret &= readMem(oe->posAdr, &ge->p_pos[0], sizeof(FLOAT)*3); + ret &= readMem(oe->radAdr, &ge->p_name, sizeof(wchar_t)*MAXNAMELEN); + ret &= readMem(oe->wpnAdr, &ge->p_wpn, sizeof(UINT32)); + ret &= readMem(oe->sptAdr, &ge->p_spot, sizeof(UINT32)); + ret &= readMem(oe->velAdr, &ge->p_vel[0], sizeof(FLOAT)*3); + ret &= readMem(oe->accAdr, &ge->p_acct, sizeof(UINT32)); + ret &= readMem(oe->armAdr, &ge->p_armr, sizeof(UINT32)); + ge->p_wpn &= 0xFFF; // mask some bits to get the correct ID, thx gaben + if ( (data = readPtr(dllBaseAdr, (DWORD)baseEntAdr+ENTLOOP*(ge->p_wpn-1))) != NULL ) + { + adr = calcOffset( data, WEPONID ); + ret &= readMem(adr, &ge->p_wpn, sizeof(UINT32)); + } + if (oe->entBase == localPlayerAdr) + { + localPlayer = ge; + ret &= readMem(localPlayerAccAdr, &accuracyPenalty, sizeof(FLOAT)); + ret &= readMem(localPlayerPncAdr, &vecPunch, sizeof(FLOAT)*2); + ret &= readMem(localPlayerAimAdr, &tmpAngl, sizeof(FLOAT)*2); + ret &= readMem(localPlayerFlsAdr, &flashAlpha, sizeof(FLOAT)); + if (tmpAngl[0] <= AIMANGL_MAXY && tmpAngl[0] >= AIMANGL_MINY) + { + aimAngle[0] = tmpAngl[0]; + } + if (tmpAngl[1] <= AIMANGL_MAXX && tmpAngl[1] >= AIMANGL_MINX) + { + aimAngle[1] = tmpAngl[1]; + } + } + return ret; +} + +static void printPrettyEntityInfoHdr(void) +{ + clrscr(); + printf( "\nTEAM | WEPN | STATUS | HEALTH | POSITION[X,Y,Z] | VELOCITY[X,Y,Z] | VECDIST | MONEY | ARMOR | NAME\n" ); +} + +static void getWeaponName(UINT8 wid, wchar_t wp[WPNLEN+1]) +{ + int i; + for (i = 0; i < (sizeof(wpns)/sizeof(wpns[0])); i++) + { + if (wpns[i].wid == wid) + { + snwprintf(wp, WPNLEN, L"%s", wpns[i].name); + + return; + } + } + snwprintf(wp, WPNLEN, L"%04u", wid); +} + +static float calcVecDist(float v1[3], float v2[3]) +{ + return sqrtf( powf(v1[0] - v2[0], 2.0f) + powf(v1[1] - v2[1], 2.0f) + powf(v1[2] - v2[2], 2.0f) ); +} + +static void printPrettyEntityInfo(struct g_entity *ge) +{ + wchar_t tm[TEAMLEN+1]; + wchar_t wp[WPNLEN+1]; + + memset(tm, '\0', TEAMLEN+1); + memset(wp, '\0', WPNLEN+1); + switch (ge->p_team) + { + case TEAM_NONE: + case TEAM_COUNTER: + case TEAM_TERROR: + case TEAM_SPECTATOR: + snwprintf(tm, TEAMLEN, L"%hs", team_names[ge->p_team]); + break; + case TEAM_MAX: + default: + snwprintf(tm, TEAMLEN, L"%04u", ge->p_team); + break; + } + + getWeaponName(ge->p_wpn, wp); + + if (ge->p_health == 0) + { + wprintf( L"%s | %s | [ %02d ] | [ %03d] | %+8.2f, %+8.2f, %+8.2f | %+8.2f, %+8.2f, %+8.2f | %8.2f | %05lu | %03lu | %ls\n", + tm, wp, + ge->p_status, ge->p_health, + 0.0f, 0.0f, 0.0f, + 0.0f, 0.0f, 0.0f, + 0.0f, + ge->p_acct, 0, + ge->p_name); + } + else + { + wprintf( L"%s | %s | [ %02d ] | [ %03d] | %+8.2f, %+8.2f, %+8.2f | %+8.2f, %+8.2f, %+8.2f | %8.2f | %05lu | %03lu | %ls %s", + tm, wp, + ge->p_status, ge->p_health, + ge->p_pos[0], ge->p_pos[1], ge->p_pos[2], + ge->p_vel[0], ge->p_vel[1], ge->p_vel[2], + (localPlayer != NULL ? calcVecDist(localPlayer->p_pos, ge->p_pos) : 0.0f), + ge->p_acct, ge->p_armr, + ge->p_name, + (ge->p_spot == ST_SPOTTED ? L" * SPOTTED\n" : L"\n") + ); + } +} + +static void printAllPrettyEntityInfos(struct off_ent oe[MAXPLAYER], struct g_entity ge[MAXPLAYER], enum team tm) +{ + int i; + for (i = 0; i < MAXPLAYER; i++) + { + if (oe[i].valid == TRUE) + { + if (ge[i].p_team == tm) + { + printPrettyEntityInfo(&ge[i]); + } + } + } +} + +static BOOL GetMessageWithTimeout(MSG *msg, UINT to) +{ + BOOL res; + UINT_PTR timerId = SetTimer(NULL, 0, to, NULL); + res = GetMessage(msg, NULL, 0, 0); + KillTimer(NULL, timerId); + if (!res) + return FALSE; + if (msg->message == WM_TIMER && msg->hwnd == NULL && msg->wParam == timerId) + return FALSE; + return TRUE; +} + +static BOOL showEntityOnRad(struct off_ent *oe, struct g_entity *ge, BOOL activate) +{ + UINT32 spot = (activate == TRUE ? 0x1 : 0x0); + BOOL ret = TRUE; + if (localPlayer->p_team != TEAM_COUNTER && localPlayer->p_team != TEAM_TERROR) return FALSE; + if (oe->valid == FALSE) return TRUE; + if (ge->p_team == localPlayer->p_team) return TRUE; + if ( (ge->p_spot != ST_SPOTTED && activate == TRUE) || (ge->p_spot == ST_SPOTTED && activate == FALSE) ) + { + if ( WriteProcessMemory( hProcess, (LPVOID) oe->sptAdr, &spot, sizeof(spot), NULL ) == FALSE ) + { + printf("*** ERROR WRITING INTO MEMORY: %ld ***\n", GetLastError()); + ret &= FALSE; + } + } + return ret; +} + +static BOOL showAllEnemiesOnRad(struct off_ent oe[MAXPLAYER], struct g_entity ge[MAXPLAYER], BOOL activate) +{ + int i; + for (i = 0; i < MAXPLAYER; i++) + { + if (showEntityOnRad(&oe[i], &ge[i], activate) == FALSE) + { + return FALSE; + } + } + return TRUE; +} + +static BOOL reduceRecoil(void) +{ + FLOAT normAngles[2]; + FLOAT puncAngles[2] = { vecPunch[0] * 1.97f, vecPunch[1] * 1.97f }; + + if (abs(puncAngles[0]) < 1.0f && abs(puncAngles[1]) < 0.5f) return TRUE; + normAngles[0] = aimAngle[0] - puncAngles[0]; + normAngles[1] = aimAngle[1] - puncAngles[1]; + if (normAngles[0] != aimAngle[0] ||normAngles[1] != aimAngle[1]) + { + //printf("****** %+8.2f , %+8.2f ", vecPunch[0] * 1.97f, vecPunch[1] * 1.97f); + mouse_event(0x1, vecPunch[1]*-1.0f, vecPunch[0]*-0.19f, 0, 0); + } + return TRUE; +} + +static UINT8 scanEntities(LPCVOID baseAdr, struct off_ent oe[MAXPLAYER]) +{ + int i; + UINT8 entcnt = 0; + UINT8 invalid_ents = 0; + + while ( (entcnt = getEntityCount( oe, (DWORD *)baseAdr, NULL, &invalid_ents )) == 0xFF ) + { + printf("."); + Sleep(500); + } + + for (i = 0; i < MAXPLAYER; i++) + { + if (oe[i].valid == TRUE) + { + if ( getEntityOffs( (DWORD *)baseAdr, i, &oe[i] ) == FALSE ) + { + WDEBUG_LOG( L"ENTITY(%d) IS NOW INVALID: [0x%p + 0x%08X]\n", i, baseAdr, (unsigned int)ENTOFF(i) ); + oe[i].valid = FALSE; + } + } + } + return entcnt; +} + +static BOOL getProcessModules(HMODULE hProcess, MODULEINFO *mInfoArr, UINT mInfoSiz, LPCWSTR mNames, ...) +{ + BOOL ret = TRUE; + HMODULE hMods[1024]; + MODULEINFO mod; + LPCWSTR nm = mNames; + UINT16 found = 0; + DWORD cbNeeded; + va_list vrgl; + int i; + + if (nm == NULL) return FALSE; + va_start(vrgl, mNames); + while ( nm != NULL && found < mInfoSiz) + { + if ( EnumProcessModules(hProcess, hMods, sizeof(hMods), &cbNeeded) ) + { + for ( i = 0; i < (cbNeeded / sizeof(HMODULE)); i++ ) + { + TCHAR szModName[MAX_PATH]; + if ( GetModuleBaseName( hProcess, hMods[i], szModName, + sizeof(szModName) / sizeof(TCHAR))) + { + if ( lstrcmpW(szModName, nm) == 0 ) + { + if ( GetModuleInformation(hProcess, hMods[i], &mod, sizeof(mod)) == TRUE ) + { + mInfoArr[found] = mod; + WDEBUG_LOG( L"*** %s: BaseAddress: 0x%p | EntryPoint: 0x%p | Size: %ld bytes\n", szModName, mInfoArr[found].lpBaseOfDll, mInfoArr[found].EntryPoint, mInfoArr[found].SizeOfImage ); + break; + } + else + { + ret &= FALSE; + } + } + } + } + } + nm = va_arg(vrgl, LPCWSTR); + found++; + } + va_end(vrgl); + return TRUE; +} + +int doHack( DWORD processID ) +{ + BOOL mapHackSuccess = FALSE; + MODULEINFO clientMod; + BYTE *dllBuf = NULL; + SIZE_T codeIdx = 0; + TCHAR sProc[PROCLEN+1]; + unsigned int i; + DWORD cnt = 0; + + memset(sProc, '\0', PROCLEN+1); + memset(oe, '\0', MAXPLAYER*sizeof(struct off_ent)); + memset(ge, '\0', MAXPLAYER*sizeof(struct g_entity)); + + hProcess = OpenProcess( PROCESS_QUERY_INFORMATION | + PROCESS_VM_READ | PROCESS_VM_WRITE | + PROCESS_VM_OPERATION, + TRUE, processID ); + if (NULL == hProcess) + { + goto error; + } + + if ( GetModuleBaseName ( hProcess, NULL, sProc, PROCLEN) > 0 ) + { + if (lstrcmp(sProc, L"csgo.exe") == 0) + { + DEBUG_LOG("*** csgo.exe found: %ld\n", processID); + } + else + { + goto error; + } + } + else + { + goto error; + } + + if ( getProcessModules(hProcess, &clientMod, 1, L"client.dll") == TRUE ) + { + dllBuf = calloc(clientMod.SizeOfImage, sizeof(BYTE)); + printf("Searching Basepointer: "); + while (1) + { + if ( dllBuf != NULL && readMem(clientMod.lpBaseOfDll, dllBuf, clientMod.SizeOfImage) == TRUE ) + { + BYTE epat[] = ENT_BASEPTR_PATTERN; + codeIdx = (SIZE_T) getBaseAdr(clientMod.lpBaseOfDll, dllBuf, clientMod.SizeOfImage, + epat, + ENT_BASEPTR_MASK, + BPATTERN_SIZ(epat), + ENT_BASEPTR_OFFPOS); + baseEntAdr = (LPCVOID) ( *(long unsigned int *)(dllBuf + codeIdx) + ENT_BASEPTR_OFFSIZ - (long unsigned int)clientMod.lpBaseOfDll ); + //baseEntAdr = 0x04A13264; + printf("0x%p, ", baseEntAdr); + BYTE lpat[] = LOCLPLY_PATTERN; + baseLclAdr = getBaseAdr(clientMod.lpBaseOfDll, dllBuf, clientMod.SizeOfImage, + lpat, + LOCLPLY_MASK, + BPATTERN_SIZ(lpat), + LOCLPLY_OFFPOS); + baseLclAdr = (LPCVOID) 0xA4CA5C; + printf("0x%p, ", baseLclAdr); + BYTE rpat[] = RADROFF_PATTERN; + baseRdrAdr = getBaseAdr(clientMod.lpBaseOfDll, dllBuf, clientMod.SizeOfImage, + rpat, + RADROFF_MASK, + BPATTERN_SIZ(rpat), + RADROFF_OFFPOS); + printf("0x%p\n", baseRdrAdr); + baseRdrAdr = (LPCVOID) 0x49EE2E4; + break; + } + Sleep(5000); + } + free(dllBuf); + dllBuf = NULL; + printf("Scanning entities "); + scanEntities(clientMod.lpBaseOfDll, oe); + while (1) + { + for (i = 0; i < MAXPLAYER; i++) + { + if (oe[i].valid == FALSE) continue; + if (getEntityInfo((DWORD *)clientMod.lpBaseOfDll, &oe[i], &ge[i]) != TRUE) + { + goto error; + } + if (ge[i].p_team < 0 || ge[i].p_team > 3 || (cnt % offRescanDelayFact) == 0) + { + DEBUG_FLUSH; + localPlayerAdr = NULL; + scanEntities(clientMod.lpBaseOfDll, oe); + } + if (localPlayer != NULL) + { + if (calcVecDist(localPlayer->p_pos, ge[i].p_pos) < RAD_ENEMY_DIST) + { + showEntityOnRad(&oe[i], &ge[i], TRUE); + } + else + { + showEntityOnRad(&oe[i], &ge[i], FALSE); + } + } + } + + if ( (cnt % printDelayFact) == 0 ) + { + // print table header + printPrettyEntityInfoHdr(); + printf("\n----------------------------[ TERROR ]----------------------------\n\n"); + // terror + printAllPrettyEntityInfos(oe, ge, TEAM_TERROR); + printf("\n\n\n----------------------------[ COUNTER ]----------------------------\n\n"); + // counter + printAllPrettyEntityInfos(oe, ge, TEAM_COUNTER); + printf("\n\n\n------------------------[ SPECTATOR/NONE ]-------------------------\n\n"); + // spectacter/none + printAllPrettyEntityInfos(oe, ge, TEAM_NONE | TEAM_SPECTATOR); + + if (localPlayer == NULL) + { + printf("*** RADAR DISABLED (NO LOCAL PLAYER FOUND) ***\n"); + } + else + { + MSG msg = {0}; + if (GetMessageWithTimeout(&msg, 1)) + { + if (msg.message == WM_HOTKEY) + { + mapHackSuccess = showAllEnemiesOnRad(oe, ge, TRUE); + } + } + printf("\n\n[LOCALPLAYER] VECPUNCH[x,y]: [%+8.2f,%+8.2f] | ACCPENLTY: %+8.2f | AIMANGLES[x,y]: [%+8.2f,%+8.2f]\n", vecPunch[1], vecPunch[0], accuracyPenalty, aimAngle[1], aimAngle[0]); + } + + printf("\n\n[BASE_PTRs] ENTITY: 0x%p | LOCALPLAYER: 0x%p | RADAR: 0x%p\n\n", baseEntAdr, baseLclAdr, baseRdrAdr); + } + cnt++; + Sleep(loopDelay); + if (mapHackSuccess == TRUE) showAllEnemiesOnRad(oe, ge, FALSE); + reduceRecoil(); + } + } + else + { + goto error; + } + + CloseHandle( hProcess ); + return 0; +error: + CloseHandle( hProcess ); + return 1; +} + +int main( int argc, char **argv ) +{ + BOOL ok = FALSE; + DWORD aProcesses[1024]; + DWORD cbNeeded; + DWORD cProcesses; + unsigned int i; + + DEBUG_INIT; + if (RegisterHotKey(NULL, 1, 0x4000, VK_F1)) + { + DEBUG_LOG( "*** Hotkey 'F1' registered (show enemies on radar for %dms) ..\n", loopDelay ); + } + if ( !EnumProcesses( aProcesses, sizeof(aProcesses), &cbNeeded ) ) + return 1; + cProcesses = cbNeeded / sizeof(DWORD); + for ( i = 0; i < cProcesses; i++ ) + { + if ( doHack( aProcesses[i] ) == 0 ) + { + DEBUG_LOG("%s", "*** FOUND!\n"); + ok = TRUE; + break; + } + } + + if (ok == FALSE) + { + printf( "csgo.exe started and a game joined?\n" ); + } + DEBUG_CLOSE; + return 0; +} |