Comments (11)
IntelSDM
commented on June 3, 2024
Getting Player Position
void BasePlayer::UpdatePosition(VMMDLL_SCATTER_HANDLE handle)
{
TargetProcess.QueueScatterReadEx(handle, PlayerModel + Position, reinterpret_cast<void*>(&TransformPosition), sizeof(Vector3));
}Caching the playerlist, do this every 3-5 seconds.
void BasePlayer::CachePlayerList()
{
if (VisiblePlayerList == 0)
return;
std::vector<std::shared_ptr<BasePlayer>> templayerlist;
uint32_t size = TargetProcess.Read<uint32_t>(VisiblePlayerList + VisiblePlayerListSize);
uint64_t buffer = TargetProcess.Read<uint64_t>(VisiblePlayerList + VisiblePlayerListBuffer);
if (size == 0 || buffer == 0)
return;
std::vector<uint64_t> playerlist;
playerlist.resize(size);
auto handle = TargetProcess.CreateScatterHandle();
for (int i = 0; i < size; i++)
{
TargetProcess.QueueScatterReadEx(handle, buffer + (0x20 + (i * 8)), reinterpret_cast<void*>(&playerlist[i]), sizeof(uint64_t));
}
TargetProcess.ExecuteScatterRead(handle);
TargetProcess.CloseScatterHandle(handle);
handle = TargetProcess.CreateScatterHandle();
for (int i = 0; i < size; i++)
{
if (playerlist[i] == NULL)
continue;
templayerlist.push_back(std::make_shared<BasePlayer>(playerlist[i], handle));
}
TargetProcess.ExecuteScatterRead(handle);
TargetProcess.CloseScatterHandle(handle);
PlayerList = templayerlist;
}Looping PlayerList
std::shared_ptr<CheatFunction> PlayerLoop = std::make_shared<CheatFunction>(0, []()
{
if (!BaseLocalPlayer->IsPlayerValid())
return;
if (BaseLocalPlayer->PlayerList.size() == 0)
return;
auto handle = TargetProcess.CreateScatterHandle();
int count = 0;
std::vector<std::shared_ptr<BasePlayer>> templayerlist = BaseLocalPlayer.get()->PlayerList;
for (int i = 0; i < templayerlist.size(); i++)
{
std::shared_ptr<BasePlayer> player = templayerlist[i];
count += player->IntializeClasses(handle);
}
if (count != 0)
TargetProcess.ExecuteScatterRead(handle);
TargetProcess.CloseScatterHandle(handle);
handle = TargetProcess.CreateScatterHandle();
for (int i = 0; i < templayerlist.size(); i++)
{
std::shared_ptr<BasePlayer> player = templayerlist[i];
if (!player->IsPlayerValid())
continue;
player->UpdatePosition(handle);
}
TargetProcess.ExecuteScatterRead(handle);
TargetProcess.CloseScatterHandle(handle);
json jsoned;
CurrentMatrix = Camera->GetViewMatrix();
for (int i = 0; i < templayerlist.size(); i++)
{
std::shared_ptr<BasePlayer> player = templayerlist[i];
if (player->IsLocalPlayer() || !player->IsPlayerValid())
continue;
Vector3 position = player->GetPosition();
if (position == Vector3(0, 0, 0))
continue;
Vector2 screenpos = WorldToScreen(position);
if (screenpos.x == 0 && screenpos.y == 0)
continue;
TestObjectJson testobject;
testobject.X = screenpos.x;
testobject.Y = screenpos.y;
testobject.Name = "Player";
testobject.Type = 1;
json entry;
testobject.ToJson(entry);
jsoned.push_back(entry);
}
std::lock_guard<std::mutex> lock(TCPClient->HandlerLock);
{
if (TCPClient->SendPackets && !jsoned.is_null())
{
TCPClient->SendText(jsoned.dump());
}
}
});More offsets you need for baseplayer
uint64_t VisiblePlayerList = 0x20; // private static ListDictionary<ulong, global::BasePlayer> visiblePlayerList;
uint64_t VisiblePlayerListBuffer = 0x18; // list value
uint32_t VisiblePlayerListSize = 0x10; // list size
uint64_t PlayerModel = 0x678; //public PlayerModel playerModel;
uint64_t Position = 0x1B8; // PlayerModel -> internal Vector3 position;
bool Initialized = false;
Vector3 TransformPosition = Vector3(0, 0, 0);I have missed the calls for getting playermodel address and all the typical reads to it but you can just read them in the baseplayer constructor. All the offsets you need are there and all the code is there to get all the player positions
from rustdmacheat.
ConnorMAD
commented on June 3, 2024
wow, thank you so much.
Another thing I was unsure about, these offsets:
uint64_t VisiblePlayerList = 0x20; // private static ListDictionary<ulong, global::BasePlayer> visiblePlayerList;
uint64_t VisiblePlayerListBuffer = 0x18; // list value
uint32_t VisiblePlayerListSize = 0x10; // list size
Where were they taken from?
because 0x20 is linked to VisiblePlayerList
Sorry for the questions, I believe they are silly, but I am learning and I am still new, I would like to learn more about reverse engineering.
from rustdmacheat.
IntelSDM
commented on June 3, 2024
So 0x20 is from Baseplayer. Baseplayer + 0x20 is the address to the list datatype that contains the list of players. To explain the other values I need to say this, Whenever you store a list or an array it's just a class /struct(depending on C++ or C) so since we aren't just reading into the values, we are reading the C# List class. There are a few variables in The List class, but the ones we need for unity hacking are the size and the buffer. The size is the size of the list and the buffer is the actual datatypes in a raw array format. These values shouldn't ever change unless for some reason Microsoft updates the .NET framework's List class. So that's where and why we read 0x18 and 0x10 from any lists we want to read within Unity games or hell most games that don't just use a flat-out array.
from rustdmacheat.
ConnorMAD
commented on June 3, 2024
if "BasePlayer" or "NPCPlayer" in szName:
try:
TEMPTEMP = self.mem.read_ulonglong((pObject + 0x18))
temp_pObject = self.mem.read_ulonglong((TEMPTEMP + 0x28))
print(temp_pObject)
name = self.mem.read_ulonglong(temp_pObject + off_displayname)
intname = self.mem.read_int(name + 0x10)
name_ = ""
for i in range(intname):
name_ += str(self.mem.read_string(name + 0x14 + i))
if temp_pObject == LocalPlayer:
pass
else:
pos_ = self.mem.read_ulonglong(temp_pObject + off_playermodel)
pos = self.read_vec3(pos_ + 0x1B8)
health = int(self.mem.read_float(temp_pObject + 0x25C))
self.entities.append(Entity(pos, "Player", health = health, playername = name_))
continue
what i doing wrong?
from rustdmacheat.
ConnorMAD
commented on June 3, 2024
I can get the positions, but the names are not
from rustdmacheat.
IntelSDM
commented on June 3, 2024
I haven't gotten around to working on my other version of this for ESP for a while as I have other projects to complete so i don't read the displayname but print out the values for each of your reads and put them in ReClass.net in a none EAC build of the game. You will see the addresses for everything in the class you are looking at and the contents of each byte and if it's heaped or not.
I am going to guess its this code though:
for i in range(intname):
name_ += str(self.mem.read_string(name + 0x14 + i))That looks completely wrong and will not work, Look in consolecommands.cpp and you will see how I read strings. Do it the exact same way, read it as a char array, they should have them in python, something like this:
myArray = "\0" * 100https://stackoverflow.com/questions/34675555/python-char-array-declaration
Just convert the char array back to a string.
from rustdmacheat.
ConnorMAD
commented on June 3, 2024
i got it, thanks.
Last thing, I promise, it has helped me a lot
if overlay.esp:
if i % 100 == 0:
camera = self.mem.read_ulonglong(self.gameassembly_base + 0x3417CD8)
matrix4x4 = []
print(matrix4x4)
for j in range(16):
matrix4x4.append(self.mem.read_float(self.mem.read_ulonglong(camera + 0x18) + 0xDC + 0x4 * j))
overlay.matrix4x4 = matrix4x4
I'm using a matrix to store and then send to my wts, but I'm having difficulty reading the data to send
from rustdmacheat.
IntelSDM
commented on June 3, 2024
Firstly, Don't read the camera constantly, It also appears you are reading from the camera manager which is honestly just a mess. Read from MainCamera.
MainCamera::MainCamera()
{
printf("[MainCamera] Initialized\n");
uint64_t maincamera = TargetProcess.Read<uint64_t>(TargetProcess.GetModuleAddress(L"GameAssembly.dll") + Class); // Get Class Start Address
printf("[MainCamera] MainCamera: 0x%llX\n", maincamera);
this->StaticField = TargetProcess.Read<uint64_t>(maincamera + StaticField); // Set Static Padding
printf("[MainCamera] Static Fields: 0x%llX\n", StaticField);
this->Camera = TargetProcess.Read<uint64_t>(StaticField + Camera); // Current MainCamera
printf("[MainCamera] Camera: 0x%llX\n", Camera);
this->CameraGamoObject = TargetProcess.Read<uint64_t>(Camera + CameraGamoObject); // get the native gameobject
printf("[MainCamera] CameraGamoObject: 0x%llX\n", CameraGamoObject);
}
bool MainCamera::IsValid()
{
return Camera != 0;
}
ViewMatrix MainCamera::GetViewMatrix()
{
ViewMatrix viewmatrix;
viewmatrix = TargetProcess.Read<ViewMatrix>(CameraGamoObject + ViewMatrixOffset);
return viewmatrix;
}class MainCamera
{
/*
Script.json
"Address": 55074032,
"Name": "MainCamera_TypeInfo",
"Signature": "MainCamera_c*"
*/
uint64_t Class = 0x3485CF0;
//Dump.cs / DummyDLL
uint64_t StaticField = 0xB8;// Static Padding To Access Static Fields
uint64_t Camera = 0x0;// public static Camera mainCamera
uint64_t CameraGamoObject = 0x10;
uint64_t ViewMatrixOffset = 0x2E4;
ViewMatrix CacheMatrix;
public:
MainCamera();
bool IsValid();
ViewMatrix GetViewMatrix();
};struct ViewMatrix
{
public:
float matrix[4][4];
Vector3 Transform(const Vector3 vector) const;
};
from rustdmacheat.
ConnorMAD
commented on June 3, 2024
you are amazing, really thank you for your help!
from rustdmacheat.
ConnorMAD
commented on June 3, 2024
if overlay.esp:
if i % 100 == 0:
camera = self.mem.read_ulonglong(self.gameassembly_base + 0x3485CF0)
matrix4x4 = []
for j in range(16):
# Correção aqui: Use self.read_chain
camera_manager = read_chain(self, camera, [0xB8, 0x0, 0x10])
camera_managerr = self.mem.read_float(camera_manager) + 0x2E4
matrix4x4.append(camera_managerr * j)
print(overlay.matrix4x4)
def read_chain(self, address, offsets):
current = address
for offset in offsets[:-1]:
current = self.mem.read_ulonglong(current + offset)
if current == 0:
return None
return self.mem.read_ulonglong(current + offsets[-1])
what am i doing wrong?
from rustdmacheat.
ConnorMAD
commented on June 3, 2024
i got it:
if i % 100 == 0:
camera = self.mem.read_ulonglong(self.gameassembly_base + 0x3485CF0)
matrix4x4 = []
for j in range(16):
# Correção aqui: Use self.read_chain
camera_manager = read_chain(self, camera, [0xB8, 0x0, 0x10])
camera_managerr = camera_manager + 0x2E4
camera_managerrr = self.mem.read_float(camera_managerr + (j * 4))
matrix4x4.append(camera_managerrr)
overlay.matrix4x4 = matrix4x4
print(overlay.matrix4x4)
from rustdmacheat.
Related Issues (20)
- BAD DTB: PID=177784 HOT 1
- No recoil not working HOT 9
- Do I need dma card or fuser only? HOT 1
- GUI Rendering Library HOT 3
- error HOT 1
- Is it safe to use only fuser esp only HOT 1
- Installing directery
- Failed to Execute scatter read
- No GUI only console HOT 1
- NoRecoil slider only changes the recoil a little bit HOT 1
- Failed to Execute Scatter Read HOT 12
- Are features like Bright Night unsafe to use? HOT 6
- Can't Find Meaning? HOT 7
- New Native Offsets HOT 3
- DMA not supported ? HOT 3
- crashes when rendering new players HOT 1
- Basenetworkable usage?? HOT 2
- Insta ban HOT 17
- Got banned by EAC after today's update (and no, I have good personal firmware). HOT 2
- Just need help
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from rustdmacheat.