So I'm trying to create an aimbot for a game, but I'm having some trouble here: how can I find the player base? If I find the player base, then I can get all the information needed, such as X and Y positions, current money, ammo, health, armor, etc. I'm using Cheat Engine 6.4 for this.
-
Did you get it working? – Sujith Sizon Jan 17 '16 at 12:02
-
Nope. I only found the base address of the local player. I tried to find the player base of the other players using the same technique I used to find the local player, but failed, so now I'm trying to find the base pointer to the entity array/player array, but I still can't find it :( – Louie Jan 19 '16 at 08:21
-
lol, are you following fleep's tuts? I'm trying to develop an aimbot for an Android game called Mini Militia and I'm unable to get any good live fuzzing tools. Also, you could use IDA Pro to reverse engineer the game and load all the strings inside it itself. – Sujith Sizon Jan 19 '16 at 13:03
-
Yes, I'm watching fleep's tutorials on YouTube, mainly the "C# How to make an AIMBOT tutorial". I'm still trying to understand it, though. – Louie Jan 20 '16 at 06:23
-
Lol, I don't know if this makes any difference now, but I found that playerbase eventually. Searched for enemy HP, pointer scan, and voilà. :) Also found the map data structure, and I now have a fully working aimbot with a speedhack on it. :) – Louie Jul 03 '17 at 00:36
-
Kudos, man. Can you give me your contact info so that I can hit you up in case I need help? – Sujith Sizon Jul 24 '17 at 09:58
2 Answers
The term "PlayerBase" refers to the dynamic address of the player object. Variables like health, armor, etc. will typically be member variables of the player class. Variables such as ammo can also be member variables of the weapon class, so not all offsets will be relative to the address of the player object. But you will often see pointers in the player object that point to the current weapon object.
When the game is created, the compiler creates instructions to access the variables by address and relative offset, using the class that's been defined. Your goal is to replicate the game logic in accessing these variables.
To find a variable that you assume is a member of the player class, scan for it in Cheat Engine, then use "Find What Accesses" on the address of the variable. This lists all instructions that access that variable. Hopefully you will see something like "mov eax, [ebx+14c]". In this case the address held in ebx is the address of the player object and 0x14c is the offset to the health variable. This is typically a dynamic address, which will be different each time you run the game.

Next you would want to find a pointer to this address that will always point to the correct address. To do this you would trace backwards in the code and hopefully see where ebx gets its value, either inside the current function or in a previous function in the call stack. You will either find a static address, which is a global variable, or an address that is relative to the base address of a module (such as a DLL or exe), which you can calculate at runtime.
I typically do the same thing in every game and dumb this down to: find a good health pointer and remove the last offset. This is a pointer to the "playerbase".

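The pointer-chain walk described in the answer above, as an added example that is not part of the original answer or of Cheat Engine. The game's address space is replaced by a constructed byte array (so it runs offline with no ReadProcessMemory), pointers are assumed to be 32-bit as in the quoted "mov eax, [ebx+14c]", and the static pointer, game object and player object addresses (0x010, 0x100, 0x200) and the intermediate 0x20 offset are hypothetical values chosen for the example; only the 0x14c health offset and the +4/+8/+0xC position offsets come from the answers on this page. The chain is resolved the way a Cheat Engine pointer-scan result is read ("[[base]+off1]+off2"), and "remove the last offset" is shown as zeroing the final member offset, which yields the start of the object.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the game's address space (not a real process):
 * a flat byte array in which an "address" is an offset into the array.
 * Assumes 32-bit pointers, matching the "mov eax, [ebx+14c]" in the answer. */
#define MEM_SIZE 0x400
static uint8_t g_mem[MEM_SIZE];

/* Offsets taken from the answers: health at player+0x14c, X/Z/Y at +4/+8/+0xC. */
#define OFF_HEALTH 0x14c
#define OFF_X      0x04
#define OFF_Z      0x08
#define OFF_Y      0x0C

/* Hypothetical layout of the constructed image (chosen for this example):
 *   0x010  static pointer (the "global variable" you would find) -> game object
 *   0x100  game object; at +0x20 a pointer -> player object
 *   0x200  player object                                                     */
#define STATIC_PTR_ADDR 0x010
#define GAME_OBJ_ADDR   0x100
#define OFF_GAME_PLAYER 0x20
#define PLAYER_OBJ_ADDR 0x200

/* The path as a Cheat Engine pointer scan would present it:
 *   [[STATIC_PTR_ADDR] + 0x20] + 0x14c  -> health                            */
static const uint32_t HEALTH_CHAIN[] = { OFF_GAME_PLAYER, OFF_HEALTH };
#define HEALTH_CHAIN_LEN 2

/* Bounds-checked reads: a failure stands in for ReadProcessMemory failing. */
static int read_u32(uint32_t addr, uint32_t *out) {
    if (addr > MEM_SIZE - 4) return 0;
    memcpy(out, g_mem + addr, 4);
    return 1;
}
static float read_f32(uint32_t addr) {
    float f = 0.0f;
    if (addr <= MEM_SIZE - 4) memcpy(&f, g_mem + addr, 4);
    return f;
}
static void write_u32(uint32_t addr, uint32_t v) { memcpy(g_mem + addr, &v, 4); }
static void write_f32(uint32_t addr, float v)    { memcpy(g_mem + addr, &v, 4); }

/* Walk a pointer chain: start at base; for every offset, dereference the
 * current address and add the offset. The last offset is added but never
 * dereferenced, which is why a member offset can sit at the end.
 * Returns 0 on an unreadable address (0 is never a valid result here). */
static uint32_t resolve_chain(uint32_t base, const uint32_t *offsets, size_t n) {
    uint32_t addr = base;
    for (size_t i = 0; i < n; i++) {
        uint32_t p;
        if (!read_u32(addr, &p)) return 0;
        addr = p + offsets[i];
    }
    return addr;
}

/* "Remove the last offset": the same chain with the member offset zeroed
 * resolves to the start of the object, i.e. the player base. */
static uint32_t player_base_from_chain(uint32_t base, const uint32_t *offsets, size_t n) {
    uint32_t copy[8];
    if (n == 0 || n > 8) return 0;
    memcpy(copy, offsets, n * sizeof copy[0]);
    copy[n - 1] = 0;
    return resolve_chain(base, copy, n);
}

struct player_view { uint32_t health; float x, y, z; };

/* Read the members the way the game's own "mov eax, [ebx+14c]" would. */
static struct player_view read_player(uint32_t player_base) {
    struct player_view v = { 0 };
    read_u32(player_base + OFF_HEALTH, &v.health);
    v.x = read_f32(player_base + OFF_X);
    v.z = read_f32(player_base + OFF_Z);
    v.y = read_f32(player_base + OFF_Y);
    return v;
}

/* Populate the constructed image with sample values (constructed data). */
static int build_image(void) {
    memset(g_mem, 0, sizeof g_mem);
    write_u32(STATIC_PTR_ADDR, GAME_OBJ_ADDR);
    write_u32(GAME_OBJ_ADDR + OFF_GAME_PLAYER, PLAYER_OBJ_ADDR);
    write_u32(PLAYER_OBJ_ADDR + OFF_HEALTH, 87);
    write_f32(PLAYER_OBJ_ADDR + OFF_X, 10.5f);
    write_f32(PLAYER_OBJ_ADDR + OFF_Z, -3.0f);
    write_f32(PLAYER_OBJ_ADDR + OFF_Y, 250.25f);
    return 1;
}

int main(void) {
    build_image();
    uint32_t health_addr = resolve_chain(STATIC_PTR_ADDR, HEALTH_CHAIN, HEALTH_CHAIN_LEN);
    uint32_t base = player_base_from_chain(STATIC_PTR_ADDR, HEALTH_CHAIN, HEALTH_CHAIN_LEN);
    struct player_view p = read_player(base);
    printf("health @ 0x%03x, playerbase 0x%03x: hp=%u x=%.2f y=%.2f z=%.2f\n",
           health_addr, base, p.health, p.x, p.y, p.z);
    return 0;
}
```

Against a real process the two read helpers would wrap ReadProcessMemory and the chain's base would be computed as module base plus the offset Cheat Engine reports; the walk itself is unchanged. Checking every dereference, as resolve_chain does, matters because the intermediate pointers are null while the player object does not exist yet (menus, loading screens), and an unchecked read there is the usual way such a tool crashes.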
Find the Y axis: search unknown initial value, float type. Walk up a ladder, and search for increased value. Walk down, and search for decreased value, and keep doing this until you find your Y address. Right click and press "Memory View for this value". Dissect the new data structure. Now you should have a structure; there you have an array of memory addresses. Type the Y address - 8; now you should get all of XYZ and their addresses. Type the X address that is on top now, and "-" 4. The address on top is now your PlayerBase. When you need XYZ now, you take "PlayerBase + XOffset". X will be 4 bytes in front of Base, since you took X - 4, and Z will be 4 bytes in front of X, so PlayerBase + 8, and Y will be "+" 0x0C. Cheat Engine shows you the offset behind the address.

-
So, that's what I should do in order to find the entity array? After I find it, I should just loop through it in a "for" loop in C++? – Louie Jan 21 '16 at 11:34
-
If you find the address for the array of offsets and you need X, you just make a variable: DWORD X = FirstaddressInArray + OffsetForX – dani-hei Feb 02 '16 at 12:22
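The "unknown initial value, then increased/decreased value" narrowing from the second answer, followed by its "Y - 8, then X - 4" arithmetic, as an added example that is not part of the original answer or of Cheat Engine. Snapshots of the game's memory are replaced by constructed byte arrays: the player object at 0x200 and a decoy "timer" at 0x300 that only ever increases are hypothetical values chosen for the example, as are the four Y values along the climb; the +4/+8/+0xC layout of X, Z and Y is the one the answer reports. The decoy is there to show why one "increased" pass is not enough and a "decreased" pass is needed to separate the Y coordinate from anything else that happened to go up.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for one snapshot of the game's memory (not a real
 * process): an "address" is an offset into the byte array. Assumes 4-byte floats. */
#define MEM_SIZE 0x400
typedef struct { uint8_t bytes[MEM_SIZE]; } snapshot_t;

/* Layout from the answer: X at +4, Z at +8, Y at +0x0C from the player base. */
#define OFF_X 0x04
#define OFF_Z 0x08
#define OFF_Y 0x0C

/* Hypothetical addresses chosen for this example. */
#define PLAYER_BASE 0x200
#define Y_ADDR      (PLAYER_BASE + OFF_Y)
#define TIMER_ADDR  0x300   /* decoy float that only ever increases */

static float load_f32(const snapshot_t *s, uint32_t addr) {
    float f;
    memcpy(&f, s->bytes + addr, sizeof f);
    return f;
}
static void store_f32(snapshot_t *s, uint32_t addr, float v) {
    memcpy(s->bytes + addr, &v, sizeof v);
}

/* The scan predicates: Cheat Engine's "increased value" / "decreased value". */
typedef int (*narrow_fn)(float before, float after);
static int increased(float before, float after) { return after > before; }
static int decreased(float before, float after) { return after < before; }

/* "Unknown initial value": every aligned 4-byte slot starts as a candidate. */
static size_t scan_unknown_initial(uint32_t *cands, size_t max) {
    size_t n = 0;
    for (uint32_t a = 0; a + 4 <= MEM_SIZE && n < max; a += 4) cands[n++] = a;
    return n;
}

/* Keep only the candidates whose float changed the expected way between two
 * snapshots; the list is compacted in place and the new length returned. */
static size_t scan_narrow(uint32_t *cands, size_t n, const snapshot_t *before,
                          const snapshot_t *after, narrow_fn keep) {
    size_t kept = 0;
    for (size_t i = 0; i < n; i++)
        if (keep(load_f32(before, cands[i]), load_f32(after, cands[i])))
            cands[kept++] = cands[i];
    return kept;
}

/* The answer's arithmetic: Y sits at +0x0C, so base = Y - 8 - 4. */
static uint32_t player_base_from_y(uint32_t y_addr) { return y_addr - 8 - 4; }

/* Last snapshot is kept so the fields can be read back after the scan. */
static snapshot_t g_final;

/* Constructed sequence: stand on the ground, climb, descend, climb again,
 * narrowing the candidate list after each move. Returns the surviving
 * address when exactly one remains, or 0 otherwise. */
static uint32_t find_y_address(void) {
    static const float y_path[4]     = { 100.0f, 120.0f, 95.0f, 110.0f };
    static const float timer_path[4] = { 1.0f, 2.0f, 3.0f, 4.0f };
    static narrow_fn steps[3]        = { increased, decreased, increased };
    snapshot_t snap[4];
    for (int i = 0; i < 4; i++) {
        memset(&snap[i], 0, sizeof snap[i]);
        store_f32(&snap[i], PLAYER_BASE + OFF_X, 10.5f);  /* X and Z do not move on a ladder */
        store_f32(&snap[i], PLAYER_BASE + OFF_Z, -3.0f);
        store_f32(&snap[i], Y_ADDR, y_path[i]);
        store_f32(&snap[i], TIMER_ADDR, timer_path[i]);
    }
    uint32_t cands[MEM_SIZE / 4];
    size_t n = scan_unknown_initial(cands, MEM_SIZE / 4);
    for (int i = 0; i < 3; i++) {
        n = scan_narrow(cands, n, &snap[i], &snap[i + 1], steps[i]);
        printf("after move %d: %zu candidate(s)\n", i + 1, n);
    }
    g_final = snap[3];
    return n == 1 ? cands[0] : 0;
}

int main(void) {
    uint32_t y = find_y_address();
    uint32_t base = player_base_from_y(y);
    printf("Y at 0x%03x -> playerbase 0x%03x: x=%.1f z=%.1f y=%.1f\n", y, base,
           load_f32(&g_final, base + OFF_X), load_f32(&g_final, base + OFF_Z),
           load_f32(&g_final, base + OFF_Y));
    return 0;
}
```

In a real scan the first pass yields millions of candidates rather than 256, and stationary values drop out on the first "increased" pass exactly as the unchanged X and Z do here; the decoy survives that pass and is removed only by the "decreased" pass, which is why alternating the direction of movement converges so much faster than repeating one direction.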