Tools needed:
- Favourite memory searcher (I use T-Search)
- C/C++ compiler (I use VC++)
- Game with FPS style view (this guide uses Delta Force Xtreme v1.6.5.0)

A knowledge of the following subjects also helps:
- How memory is stored (understanding structures within a game)
- How to search for addresses
- Pointer searching to resolve DMA within our trainer
- A lot of time and patience, and some maths knowledge including trigonometry and common sense

A KNOWLEDGE OF C/C++ IS ****ING VITAL
//////////////////////
Right...to get started, I guess explaining the basis of how the aimbot will work is a good idea. I was thinking through a few different methods on how to do it, but was stumped on 1 bit for ages. It was obvious (to me at least) that we would have to get the enemy's position. But it was what to do with that which stumped me, I didn't know how to use that data to my advantage and set my crosshair onto it...then finally those years of maths in school came into play.
What we do is get our position by co-ordinates, in X, Y and Z (or East/West, North/South and Height), and the same for the enemy. With this, we can work out our relative angle between North (or a different point, which comes up later), our player, and the enemy. So at the end of that, we get our angle to aim for (away from North) in order to look at the enemy. This is then used to set our rotational look onto the enemy. Then we do the same with the height (between a point which is straight ahead of us, our player, and the enemy) to get the angle we need to aim up/down.
I probably just nailed a few of your braincells by trying to get you to understand that, but don't worry, hopefully it will all come out clearer in a bit. Now that's most of the theory on how it works, time to get to actually doing it.
As I said, this is the way *I* make aimbots, and to start off with I have 3 blank functions:
PLAYER_DATA GetMyPlayerData(void)
PLAYER_DATA GetPlayerData(BYTE PlayerNumber)
void SetCrosshairOnEnemy(BYTE PlayerNumber)

PLAYER_DATA? Yup, to make things more tidy in my programming, I like to use some structs as well as functions. My PLAYER_DATA structure holds valuable information about a player. Such as:
typedef struct _PLAYER_DATA {
    DWORD baseadd;   // base address of this current player
    DWORD coordEW;   // East/West (X) co-ord
    DWORD coordNS;   // North/South (Y) co-ord
    DWORD coordUD;   // Up/Down (Z) co-ord
    DWORD coordEWa;  // The address of the players EW co-ord
    DWORD coordNSa;  // The address of the players NS co-ord
    DWORD coordUDa;  // The address of the players UD (up/down..wtf was i thinking when naming this) co-ord
    DWORD lookX;     // The players X-axis look (what will change if you move the mouse side to side)
    DWORD lookY;     // The players Y-axis look (what will change if you move the mouse forwards and backwards)
    DWORD lookXa;    // The address of the X look
    DWORD lookYa;    // The address of the Y look
    char name[16];   // Holds the current players name (15 bytes are read into it, plus a terminating NUL)
    DWORD namea;     // The address of the current players name
} PLAYER_DATA;
I don't really know why I put all the addresses for everything in the struct, but hell, might come in use when making something one day. All the stuff in there will come to use when making our aimbot, so here's how to search for each of them (in DFX at least).
The easiest to start with is name, use Artmoney's Text search.
Co-ords:
NS - Move north, search increased, move south, search decreased
EW - Move east, search increased, move west, search decreased
UD - Move up (a hill/ladder), search increased, move down, search decreased
LookX - Move mouse left/right, search has changed...set your search range to around the other addies to narrow search down (this value may be different to DFX. In DFX, 0 was east, and it increased as you went anti-clockwise until you got to just before east, which was 0xFFFFFFFF)
LookY - Move mouse forward/backward, search has changed
You should be able to get the player base address from near enough any of these, and a pointer to get it in game. I use 2 pointers, 1 which always points to player 0's (or 1, the 1st player in memory)'s base address, and 1 which always points to the base address of my player. Now we can modify the GetMyPlayerData and GetPlayerData functions to get us this info:
At the top of the C++, I define the bases:
#define mBase 0xBD63D8 // mBase = My Base, always holds my players base address
#define hBase 0xB0D228 // hBase = Host Base, always holds th

///
PLAYER_DATA GetMyPlayerData(void)
{
    PLAYER_DATA Player;                              // Create a blank PLAYER_DATA struct
    ZeroMemory(&Player, sizeof(PLAYER_DATA));        // Initiate it all to 0 (thanks L.Spiro, this solved some problems)
    Peek((void*)mBase, (void*)&Player.baseadd, 4);   // Get our players Base Address from the pointer

    Player.coordEWa = Player.baseadd + 0x8;          // Get all the addies for everything...the 0x8, 0xC and s*** are the offsets I found for DFX
    Player.coordNSa = Player.baseadd + 0xC;
    Player.coordUDa = Player.baseadd + 0x10;
    Player.lookXa = Player.baseadd + 0x14;
    Player.lookYa = Player.baseadd + 0x18;
    Player.namea = Player.baseadd + 0xF4;

    Peek((void*)Player.coordEWa, (void*)&Player.coordEW, 4);  // Now we got all the addies, read in the info from em all
    Peek((void*)Player.coordNSa, (void*)&Player.coordNS, 4);
    Peek((void*)Player.coordUDa, (void*)&Player.coordUD, 4);
    Peek((void*)Player.lookXa, (void*)&Player.lookX, 4);
    Peek((void*)Player.lookYa, (void*)&Player.lookY, 4);
    Peek((void*)Player.namea, (void*)&Player.name, 15);

    return Player;                                   // Give our PLAYER_DATA Player, as the return value
}
///
PLAYER_DATA GetPlayerData(BYTE PlayerNum)            // Takes the number of the player as a param
{
    PLAYER_DATA Player;
    ZeroMemory(&Player, sizeof(PLAYER_DATA));
    Peek((void*)hBase, (void*)&Player.baseadd, 4);

    Player.baseadd = Player.baseadd + (PlayerNum*0x388);  // 0x388 is the gap between players, starting with player 1
Now that we've made our functions to collect all the data we need, it's time to get to the core of the aimbot. Got a feeling this is gonna be a lot of reading, so if I were you I'd go get a snack and a drink or something, then come back.
Maths knowledge is needed to make this! If you're useless at maths, and still reading, you're also useless at English for not understanding the knowledge requirements at the top.
Let's start with the X look.
Because DFX works around the East point (facing directly east = 0x00000000/0xFFFFFFFF), all our calculations will be made off it. To help the understanding with this tutorial, I'll include some snazzy little photoshuppered drawings, woo
The aimbot works in 4 sectors. This makes things easier when finding out distances. Here are the sectors and how to determine what sector an enemy is in :
Sector 1 = South-East of our position
Sector 2 = South-West of our position
Sector 3 = North-West of our position
Sector 4 = North-East of our position
So, let's add these sectors to our source code. Note that also we have to tell our aimbot what to do if they are, for example, east of us, but the same on the NS axis. No need to put the code for if they are the same on both the NS and the EW axis, as otherwise you won't need it to set an aim for you, you're on them
CODE
void SetCrosshairOnEnemy(BYTE PlayerNumber)
{
    PLAYER_DATA oP = GetPlayerData(PlayerNumber);  // oP = Opposition's Player
    PLAYER_DATA cP = GetMyPlayerData();            // cP = Current Player (our player) .. sorry for bad var names
Now, to get the angle we need to look, we have to make a triangle between the EW axis, us, and the player. Then we have to find the angle of which we are the apex. Here's 1 of the snazzy little drawings:
This is a top view:
Blue dot = Our player
Red dot = enemy
Green = The triangle we make
Purple = The angle we need to find
Orange = The differences we need to work out for the angle

In case you've forgotten trigonometry: because of the 2 sides we can get the easiest, we will use the Tangent function:
Tan(angle) = Opposite/Adjacent
In all our sectors, the Adjacent is the EW difference, and the Opposite is the NS difference. So let's add some coding to our function :
CODE
void SetCrosshairOnEnemy(BYTE PlayerNumber)
{
    PLAYER_DATA oP = GetPlayerData(PlayerNumber);
    PLAYER_DATA cP = GetMyPlayerData();

    double EWdif;  // These need to be double for our Trig calculations to work later on :)
    double NSdif;
Please note that in each sector, the calculations ARE NOT the same. You need to do the biggest take away the smallest...hope that's obvious. Right, so now we have this, we need to get the angle in degrees. For this, we need to go back to the formula :
We need to do the Inverse Tangent function of this, so that we get the angle rather than the Tangent of the angle. The function to do this is atan (could have used atan2 but didn't know of this function at the time of programming). It takes 1 double parameter, and returns a double value of the angle in radians. But this is no good for us, we want it in degrees. Well, to turn radians into degrees, it's a multiplication of '57.29578', as found off the tinternet. Remember to include <math.h> for the atan function.
Then, due to our X-look not having a maximum of 360 (it goes up to 0xFFFFFFFF, 4294967295), we need to find what percentage this angle is of 360. This is so that we can find out what value we need to use, for example:
If the angle was 90 degrees:
90/360 = 0.25 (decimal percentage of the angle)
0xFFFFFFFF * 0.25 = 3FFFFFFF (roughly), which is the new value we need to use
    double flatDist = sqrt((EWdif*EWdif)+(NSdif*NSdif));  // Get the level distance between us and the enemy, using pythagoras

    if (oP.coordUD == cP.coordUD)
    {
        BYTE zero4[4] = {0x00,0x00,0x00,0x00};
        Poke((void*)cP.lookYa, zero4, 4);  // If we are equal height, set our Y-look to 0 (level)
    } else if (oP.coordUD > cP.coordUD)
    {
        UDdif = oP.coordUD - cP.coordUD;            // Work out our UDdif
        angleB = atan(UDdif/flatDist)*57.29578;     // Same old stuff as before
        angleBP = (angleB/360);
        newValueb = 0+(0xFFFFFFFF*angleBP);
        newValueb2 = newValueb;
        Poke((void*)cP.lookYa, &newValueb2, 4);
And there we have it, the skeletal start of an aimbot. Now think about adding some of the following things:
- ****list (only aim for certain people...use the name part of the player structure to check if they are on it or not)
- Account for lag (lead bullets in front of people to account for the lag in the game (if it's mp), and bullet travel)
- Account for bullet dipping (aim above a player so bullets dip onto them)
- Grenade arcs (work out where to throw grenades in order for them to go on your target)
- Enemy only aim (so you don't aim at team-mates)
- Only aim if alive (shooting dead people doesn't do much)

Credits to the maker, and if I helped, don't forget to REP
-- Edited by cudak on Tuesday 15th of March 2011 10:30:22 AM