Question CSS NoSpread/NoRecoil



lilneo
11-18-2010, 08:23 PM
i can haz css nospread code how do?
...
...
...
I joke, I joke.

Okay, so I've created a close to perfect aimbot. It aims exactly where it's supposed to go, and I usually have about a 25% chance of hitting my target... Lol.
Well that is because the bullets don't go fucking straight like I think they should, so I'm just wondering if anyone can kinda guide me through making a nospread/norecoil?

If anyone is willing to actually teach me (I am a fast learner) I would be forever grateful. Even if you could just give me some tips that would be great. And I do actually know how a nospread works, it just adds the angular change to the original to make the predicted bullet path hit the same point. The no recoil on the other hand, I'm not too sure about.

Note: Yes I DID actually write the aimbot myself, I used an example to learn the hooking method but from there I did everything myself and got it to work, the only bugs right now are a little bit of target switching, and occasional crashing that I can't pinpoint the reason (I think when it's getting the entity positions).

Edit: I also need a way to find out if bots are dead or not, GetHealth and IsAlive seem to crash.

Thanks in advance,
~lilneo

Sploosh
11-18-2010, 08:53 PM
All kinds of HL:2 Nospread and Norecoil are floating around this forum, try using the search feature.

lilneo
11-18-2010, 09:07 PM
Sigh, I've searched enough. I've found a bunch but it's not the same when someone just pasted a big clump of their code, I have no idea what variables are what, they don't even say. I just want someone to explain how I go about doing a nospread/norecoil.

Also, I am using TraceRay like this:


    Ray.Init(playpos,playpos2); //My pos, enemy pos found by bones.
    Tracer->TraceRay(Ray,MASK_SHOT,0,&Trace); //Trace SHOULD stop at walls etc, things that stop bullets...
    if(Trace.m_pEnt) //What is the entity it hit - If it hits an entity, that will be the index, If not it returns NULL. (I'm not sure, please correct me if I'm wrong on that. Was just a guess)
    {
        //blah blah
    }

But it is returning true even if the enemy is behind a wall, what's going on?
~lilneo

syntroniks
11-18-2010, 09:20 PM
Spread is calculated using a seeded random Gaussian generator. The seed is available to you in the CUserCmd class. You use this to set up valve's random number generator -- the server will do the same thing once it receives your command. When done correctly, your spread vector will be exactly opposite the server's calculated vector.

This means that the angles are offset by an equal and opposite amount. The rest of the code is vector<->angle conversion and some minor details. For more explanation (since clients calculate spread for weapon prediction I think), look in/around C_AK47::PrimaryFire in the MAC binaries (That may/may not be the class name). You'll see that some spread function gets called. That is the source of the seemingly cryptic float values you may have seen in some CSS nospread code.

As for tracerays, m_pEnt is a member pointer to the entity -- it will be a pointer if anything. The world is an entity and you should do more checks before firing.

lilneo
11-18-2010, 09:29 PM
Thanks, so when I use the random seed it will only return 1 number yes? What part of the vector for the spread offset is that?
Secondly, I don't have a mac binary T.T, I'll try and find one. But what would I do with that spread function? Just NOP it or something?
Lastly, what kind of checks on TraceRay can I do? Because all the "DidHit" related functions aren't virtuals, and they don't have code to them.
~lilneo

kolbybrooks
11-18-2010, 10:38 PM
I applaud syn for attempting to help you, but the stupidity is overwhelming..

brb, porting back to base.

lilneo
11-19-2010, 01:09 AM
> I applaud syn for attempting to help you, but the stupidity is overwhelming..
>
> brb, porting back to base.

Stupidity has little to do with knowledge of a subject, though it can have a lot to do with ignorance. If you aren't going to reply with a helpful post, then why are you posting at all? If this forum isn't for asking questions and getting help, what the fuck is it for, please tell me.

To justify my questions,


    int random_seed;

Last time I checked, an int is one fucking value, and a Vector is 3. So, my question was, how are the two related, perhaps the P/Y/R of the vector is all the same value, or perhaps each one is a different random_seed.

For my second question, I misunderstood what he was saying. I thought he was talking about the recoil function. And unless you can tell me what you would do with something that changes where your crosshair is without changing your aim angle, I think my question was perfectly legit in a bit different context.

Lastly, my question about TraceRay, when you use this function the result is output to trace_t *pTrace. The available functions for it that would make sense to use are:


    pTrace.DidHit
    pTrace.DidHitNonWorldEntity
    pTrace.DidHitWorld

Now the problem with these, is they are not virtual functions so I can't use them with the interface I have created with the game dll. And they have no actual code to them to return anything, so they would be useless functions. Not to mention I get link errors when I try to use them.

If perhaps I am missing something, or I have misunderstood something then possibly you could point it out instead of directly insulting me.

So next time before you go running your mouth off, why not put a little effort into replying. If you have nothing better to do than reply with senseless post count increasing spam, then maybe you should get out more, make some friends, get laid, and learn to show some respect.

Edit: Noticed something interesting,


> syntroniks
> GD Supporter

Yeah, he is definitely a supporter.

> kolbybrooks
> maybe im special?

And I have a strong feeling that you indeed are special.

Have a nice day,
~lilneo

kolbybrooks
11-19-2010, 01:36 AM
If you ever actually learn and progress (and gather some common sense), this is going to be one of the threads you look back at and say "What the fuck was I thinking? What does that even mean?".

> ...
>
> Edit: Noticed something interesting,
>
> Yeah, he is definitely a supporter.
>
> And I have a strong feeling that you indeed are special.
>
> Have a nice day,
> ~lilneo

> lilneo
> cewter

Ironic.

lilneo
11-19-2010, 01:48 AM
Touche.

And, please explain how asking questions is not related to learning. Also, where have I shown lack of common sense? Since when was reverse engineering and hacking a part of common sense?
~lilneo

zavc0der
11-19-2010, 04:53 AM
> Edit: I also need a way to find out if bots are dead or not, GetHealth and IsAlive seem to crash.


You are doing it wrong then. Nospread/norecoil info is already in the forums... just search for it.

This should help you:
http://www.gamedeception.net/threads/20061-Orange-Box-A-few-questions-regarding-Ollydbg-and-the-OB-Engine

lilneo
11-19-2010, 09:53 AM
> You are doing it wrong then. Nospread/norecoil info is already in the forums... just search for it.
>
> This should help you:
> http://www.gamedeception.net/threads/20061-Orange-Box-A-few-questions-regarding-Ollydbg-and-the-OB-Engine

Well no, I'm not doing GetHealth and IsAlive wrong... I'm not that dumb, C_BaseEntity->GetHealth(), C_BaseEntity->IsAlive()... It's not impossible. When I used GetHealth, soon as my program hit it, it stopped working. Like didn't crash, but the while loop stopped looping.

And the link was actually really helpful, it answered a few questions.
~lilneo

raiders
11-19-2010, 10:51 AM
> Well no, I'm not doing GetHealth and IsAlive wrong... I'm not that dumb, C_BaseEntity->GetHealth(), C_BaseEntity->IsAlive()... It's not impossible. When I used GetHealth, soon as my program hit it, it stopped working. Like didn't crash, but the while loop stopped looping.
>
> And the link was actually really helpful, it answered a few questions.
> ~lilneo

Update the virtual tables, they have changed.

I'll give you the vtable offset of IsAlive since I found it to be a lot harder to find than gethealth: 0x1EC.

lilneo
11-19-2010, 10:59 AM
> Update the virtual tables, they have changed.
>
> I'll give you the vtable offset of IsAlive since I found it to be a lot harder to find than gethealth: 0x1EC.

Thanks, and yeah I know they have changed but they are working for the most part. In fact, I am using the 2006 version of the source and it's working fairly well, barely anything doesn't work.
Also, what does that offset get applied to, a C_BaseEntity correct? How would I get that, or is it just the entity handle (EHANDLE)? Oh, or the index?

Edit: So I did this, please correct me if I did it wrong:


    DWORD* Alive = (DWORD*)EnemyBaseEnt->index+0x1EC;
    if(*Alive){
        //blah blah
    }

I used the index and added the offset...

Edit2: Just re-read your post, noticed you said vtable offset. That means I need the vtable pointer correct? If so, I'm going to need a hand there because even when getting the D3D vtable pointer I fucked up. So I most likely won't be able to get the vtable pointer of this one either.

~lilneo

syntroniks
11-21-2010, 02:04 AM
Use networked variables instead. Look at existing nospread code to see how the random_seed integer is translated into the spread vector.

Spread is calculated differently for different games, keep that in mind if/when you move on. Back to networked variables -- health can be obtained from a pointer that can be found at runtime. The source engine has networked variables for entities and allows you to lookup the offset by name "m_iHealth", etc.

There are programs on these forums that will have source code for obtaining these offsets and potentially generating headers that you can use to grab networked properties.

The mac binaries are .dylib instead of .dll -- load them up in ida and take a look around

lilneo
11-26-2010, 01:38 AM
> Use networked variables instead. Look at existing nospread code to see how the random_seed integer is translated into the spread vector.
>
> Spread is calculated differently for different games, keep that in mind if/when you move on. Back to networked variables -- health can be obtained from a pointer that can be found at runtime. The source engine has networked variables for entities and allows you to lookup the offset by name "m_iHealth", etc.
>
> There are programs on these forums that will have source code for obtaining these offsets and potentially generating headers that you can use to grab networked properties.
>
> The mac binaries are .dylib instead of .dll -- load them up in ida and take a look around

Okay so I got most of that already, what is bugging me is the direct relationship in random_seed and the spread. I know you said I could figure it out by looking at nospread code, which I have done. The thing that usually gets me with them is the interface names, I am sensing that there is a global variable naming sort of process people are following when naming their interfaces. Anyway, the .dylib thing actually really helped me. I had no idea so I plan to go load some of the libraries up into IDA right now.
~lilneo

raiders
11-26-2010, 09:09 PM
> Okay so I got most of that already, what is bugging me is the direct relationship in random_seed and the spread. I know you said I could figure it out by looking at nospread code, which I have done. The thing that usually gets me with them is the interface names, I am sensing that there is a global variable naming sort of process people are following when naming their interfaces. Anyway, the .dylib thing actually really helped me. I had no idea so I plan to go load some of the libraries up into IDA right now.
> ~lilneo

I still haven't updated my classes to reflect these changes... too fucking lazy and I don't care anymore.


    bool IsDormant(CBasePlayer* BaseEnt)
    {
        bool bRet = 0;

        _asm
        {
            mov esi, BaseEnt
            mov eax, [esi + 0x8]
            mov edx, [eax + 0x20]
            lea ecx, [esi + 0x8]
            call edx
            mov bRet, al
        }

        if(bRet)
            return true;
        else
            return false;
    }

    int GetTeamNumber(CBasePlayer* BaseEnt)
    {
        int iRet = 0;

        _asm
        {
            mov ecx, BaseEnt
            mov eax, dword ptr ds:[ecx]
            call dword ptr ds:[eax + 0x120]
            mov iRet, eax
        }

        return iRet;
    }

    int GetHealth(CBasePlayer* BaseEnt)
    {
        int iRet = 0;

        _asm
        {
            mov ecx, BaseEnt
            mov eax, dword ptr ds:[ecx]
            call dword ptr ds:[eax + 0x198]
            mov iRet, eax
        }

        return iRet;
    }

    bool IsAlive(CBasePlayer* BaseEnt)
    {
        bool bRet = false;

        _asm
        {
            mov ecx, BaseEnt
            mov eax, dword ptr ds:[ecx]
            call dword ptr ds:[eax + 0x1EC]
            mov bRet, al
        }

        return bRet;
    }

    bool IsPlayer(CBasePlayer* BaseEnt)
    {
        bool bRet = false;

        _asm
        {
            mov ecx, BaseEnt
            mov eax, dword ptr ds:[ecx]
            call dword ptr ds:[eax + 0x1F0]
            mov bRet, al
        }

        return bRet;
    }

I know it's sloppy, but after I got esp working I didn't really care to do much more... besides what more do you need ;)

Same offsets work in tf2 btw.

You can get the shit for bones yourself... I used the mac .dylib disassembled in ida alongside the disassembly of the .dll, also had the orangebox sdk and vtable addresses in the .dll for the classes I wanted to update.

TraceRay() is the same as the orangebox sdk, no changes needed. GetPlayerInfo and GetAbsOrigin haven't changed either.

Good luck ;)