Bo1 Non-Host aimbot

1. Bo1 PS3 Pastebin
2.  
3. //here is my patches to the game
4. RemoveThreadIDCheckOnCL_ConsolePrint();
5. HookFunctionStart(0x465368, *(uint32_t*)Menu_PaintAll_Hook, *(uint32_t*)Menu_PaintAll_Stub);
6. HookFunctionStart(0x1B74F4, *(uint32_t*)CL_WritePacket_Hook, *(uint32_t*)CL_WritePacket_Stub);
7. //HookFunction(0x2D6140, *(uint32_t*)ClientCommand_Hook);//SC58 end game protection
8. HookFunctionStart(0x2D6140, *(uint32_t*)ClientCommand_Hook, *(uint32_t*)ClientCommand_Stub);//Jo-Milk command protection
9. HookFunctionStart(0x16B7C8, *(uint32_t*)CG_ProcessSnapshots_hook, *(uint32_t*)CG_ProcessSnapshots_Stub);
10. HookFunctionStart(0xF8160, *(uint32_t*)CG_DrawCrosshair_Hook, *(uint32_t*)CG_DrawCrosshair_Stub);//good non-host hook
11. HookFunctionStart(0x3CCAF8, *(uint32_t*)MSG_WriteReliableCommand_Hook, *(uint32_t*)MSG_WriteReliableCommand_HookStub);//non-host callvote exploit you probably can do more
12.  
13. void RemoveThreadIDCheckOnCL_ConsolePrint()//allows iPrintln_GameMessage and iPrintlnBold_GameMessage by noping Com_GetParseThreadInfo in 0x001AF228 CL_ConsolePrint
14. {
15.     uint32_t PPC[] = { 0x60000000 };
16.     for (int i = 0; i < 0x4; i++)
17.         sys_dbg_write_process_memory(0x1AF264 + (i * 4), &PPC[0], 4);
18. }
19.  
20.  
21. void RemoveCheatProtection()//can use some cheat protected dvars
22. {
23.     uint32_t PPC[] = { 0x60000000, 0x3B200000 };
24.     sys_dbg_write_process_memory(0x4C8EC4, &PPC[0], 4);
25.     sys_dbg_write_process_memory(0x4C8ED0, &PPC[0], 4);
26.     sys_dbg_write_process_memory(0x4C8ED4, &PPC[1], 4);
27.    
28.     //TEST
29.     sys_dbg_write_process_memory(0x3E013C, &PPC[0], 4);
30. }
31. void RSAPatch()
32. {
33.     uint32_t PPC[] = { 0x60000000 };
34.     sys_dbg_write_process_memory(0x230258, &PPC[0], 4);
35.     sys_dbg_write_process_memory(0x23025C, &PPC[0], 4);
36.     sys_dbg_write_process_memory(0x230260, &PPC[0], 4);
37.     sys_dbg_write_process_memory(0x230264, &PPC[0], 4);
38.     sys_dbg_write_process_memory(0x230268, &PPC[0], 4);
39. }
40.  
41.  
42. //aimbot
43. void thread(uint64_t)
44. {
45.     for(;;)
46.     {
47.          if (Dvar_GetBool("cl_ingame"))
48.         {
49.             if(!LookforFFA)
50.             {
51.                 isFFA = isFFAType();
52.                 LookforFFA = true;
53.             }
54.             if(isFPSMenuOpen)
55.                  isFPSMenuOpen = false;
56.             if (!isMenuOpen)
57.             {
58.                 if(Aimbot)//aimbot
59.                 {
60.                     if (Pressed(Btn::L1) || Pressed(Btn::R1) && Pressed(Btn::L1))
61.                     {
62.                         if(AImbotSetAngle == 1)
63.                         {
64.                             if(centity[target].pos.trBase != centity[target].NewOrigin)
65.                             {
66.                              ApplyPrediction(them, target, (float)0.20f);
67.                             }
68.                             vec3_t vecangles = (them - self);
69.                             vectoangles((float*)&vecangles);
70.                             Angles.x = (angleseeeee[0] - clientActive->deltaAngles.x);
71.                             Angles.y = (angleseeeee[1] - clientActive->deltaAngles.y);
72.                             Angles.z = 0;
73.                             CL_SetViewAngles(0,(float*)&Angles);
74.                             AImbotSetAngle = 2;
75.                             sleep(250);
76.                         }
77.                     }  
78.                 }
79.             }
80.             else
81.             {
82.                 //if menu not closed do stuff here
83.             }
84.         }
85.         else//if not in game reset my globale variables
86.         {
87.              LookforFFA = false;
88.              Aimbot = false;
89.              if(isMenuOpen)
90.                  isMenuOpen = false;   
91.         }
92.         sleep(10);
93.     }
94.     }
95.     else
96.     sys_ppu_thread_exit(0);
97. }
98.  
99. // My aimbot hook
100. void DoAimbot()
101. {
102.     if(AImbotSetAngle == 0)
103.     {
104.     //vec3_t angles;
105.     UpdateValues();
106.     target = GetSuitableTarget();
107.     if (target == -1)
108.     {
109.         return;
110.     }
111.     else
112.     {
113.     AimTarget_GetTagPos(0,(0x377e3a08 + (clientNum * 0x31C)),tag_eye,(float*)&self);
114.     AimTarget_GetTagPos(0,(0x377e3a08 + (target * 0x31C)),aimat,(float*)&them);
115.     AImbotSetAngle = 1;
116.     }
117.     }
118. }
119.  
120. //
121.  
122. int CG_ProcessSnapshots_hook(int localClientNum)
123. {
124.     if (Dvar_GetBool(Dvar_cl_ingame))
125.     {
126.     if(Aimbot)
127.     {
128.     if (Pressed(Btn::L1) || Pressed(Btn::R1) && Pressed(Btn::L1))
129.     {
130.         DoAimbot();
131.     }
132.     }
133.     }
134.     return CG_ProcessSnapshots_Stub(localClientNum);
135. }
136.  
137. // this needs to be placed before do aimbot to be defined
138. bool IsVisible(vec3_t start, vec3_t end, int skipNumber)
139. {
140.     trace_t tr;
141.     CG_LocationalTrace(&tr, (float*)&start, (float*)&end,skipNumber, 0x803003,0, 0);
142.     return (tr.fraction != 1.0f);
143. }
144. int GetSuitableTarget()
145. {
146.     int bestTarget = -1;
147.     float min = 0x7fffffff;
148.     vec3_t them_tmp;
149.     AimTarget_GetTagPos(0,(0x377e3a08 + (clientNum * 0x31C)),tag_eye,(float*)&self);
150.     for (int i = 0; i < 18; i++)
151.     {
152.         clientInfo_t* client = &cg->clientInfo[i];
153.         if (client->clientNum == clientNum || !client->infoValid || !strcmp(client->name, "democlient") || client->team == 3 || !isAlive(client->clientNum))
154.             continue;
155.         else if(!isFFA)
156.         {
157.             if(client->team == team)
158.                 continue;
159.         }
160.         AimTarget_GetTagPos(0,(0x377e3a08 + (i * 0x31C)),aimat,(float*)&them_tmp);
161.         bool notVisible = IsVisible(self, them, clientNum);
162.         if (notVisible)
163.         {
164.             if (autoWall)
165.             {
166.                 if (!CanKillPlayer(i,self,them_tmp))//autowall needs to patch the FX to be slightly better
167.                 {
168.                     continue;
169.                 }
170.             }
171.             else
172.             {
173.                 continue;
174.             }
175.         }
176.         float distance = sqrtf((them_tmp.x - self.x) * (them_tmp.x - self.x) + (them_tmp.y - self.y) * (them_tmp.y - self.y) + (them_tmp.z - self.z) * (them_tmp.z - self.z));
177.  
178.         if (distance < min)
179.         {
180.             min = distance;
181.             bestTarget = i;
182.         }
183.     }
184.  
185.     return bestTarget;
186. }
187. bool CanKillPlayer(int EntityNum, vec3_t bonePosStart,vec3_t bonePosend)
188. {
189.     int localclient = *(int*)(*(int*)(0xC3DFB8));
190.     BulletFireParams bp;
191.     BulletTraceResults br;
192.     bp.MaxEntNum = 1022;
193.     bp.ignoreEntIndex = localclient;
194.     bp.damageMultiplier = 1.0f;
195.     bp.methodOfDeath = 1;
196.     bp.origStart = bonePosStart;
197.     bp.start = bonePosStart;
198.     bp.end = bonePosend;
199.  
200.     vec3_t subs = bonePosend - bonePosStart;
201.     vectoangles((float*)&subs);
202.     subs.x = angleseeeee[0];
203.     subs.y = angleseeeee[1];
204.     subs.z = angleseeeee[2];
205.     angleVectors(subs, &bp.dir, NULL, NULL);
206.  
207.     FireBulletPenetrate(0, &bp, cg->ps.weapon, &centity[localclient], (float*)&bonePosStart, 0, 1, &br);/*patch must be applied to this fonction to avoid FX*/
208.  
209.     return (EntityNum == bp.ignoreEntIndex);
210. }
211. void UpdateValues()
212. {
213.     clientNum = cg->clientNum;
214.     team = cg->clientInfo[clientNum].team;
215. }
216.  
217. void ApplyPrediction(vec3_t& position, int i, float flMultiplier) {
218.     vec3_t vVelocity;
219.     VectorSubtract(centity[i].pos.trBase, centity[i].NewOrigin, vVelocity);
220.     vVelocity.x *= flMultiplier;
221.     vVelocity.y *= flMultiplier;
222.     vVelocity.z *= flMultiplier;
223.     VectorAdd(position, vVelocity, position);
224. }
225.  
226.  
227.  
228. //Function you might need
229. struct opd_s
230. {
231.     int32_t sub;
232.     int32_t toc;
233. };
234.  
235. opd_s va_t = { 0x4DB3D8, TOC };
236. char *(*va)(const char *format, ...) = (char *(*)(const char *, ...))&va_t;
237.  
238. opd_s DB_FindXAssetHeader_t = { 0x2601A0, TOC };
239. XAssetHeader *(*DB_FindXAssetHeader)(XAssetHeader *header, XAssetType type, const char *name, bool errorIfMissing, int waitTime) = (XAssetHeader *(*)(XAssetHeader *, XAssetType, const char *, bool ,int))&DB_FindXAssetHeader_t;
240. opd_s DB_LinkXAssetEntry_t = { 0x25EE38, TOC };
241. XAssetEntryPoolEntry*(*DB_LinkXAssetEntry)(XAssetEntry *newEntry, int allowOverride) = (XAssetEntryPoolEntry*(*)(XAssetEntry *, int))&DB_LinkXAssetEntry_t;
242. opd_s Dvar_FindVar_t = { 0x4C55A0, TOC };
243. dvar_s*(*Dvar_FindVar)(const char *name) = (dvar_s*(*)(const char *))&Dvar_FindVar_t;
244. opd_s Scr_ExecThread_t = { 0x5DD580, TOC };
245. unsigned short(*Scr_ExecThread)(scriptInstance_t inst, int handle, int paramcount) = (unsigned short(*)(scriptInstance_t , int, int))&Scr_ExecThread_t;
246. opd_s Scr_FreeThread_t = { 0x5CB2C0, TOC };
247. void(*Scr_FreeThread)(unsigned short handle, scriptInstance_t inst) = (void(*)(unsigned short, scriptInstance_t))&Scr_FreeThread_t;
248.  
249. opd_s Scr_GetMethod_t = { 0x315BA8, TOC };
250. popd32(*Scr_GetMethod)(const char **pName, int *type) = (popd32(*)(const char **, int *))&Scr_GetMethod_t;
251.  
252. opd_s Scr_GetFunction_t = { 0x310FD8, TOC };
253. popd32(*Scr_GetFunction)(const char **pName, int *type) = (popd32(*)(const char **, int *))&Scr_GetFunction_t;
254.  
255. opd_s Scr_GetChecksum_t = { 0x5BA818, TOC };
256. void(*Scr_GetChecksum)(scrChecksum_t *vmChecksum, scriptInstance_t inst) = (void(*)(scrChecksum_t *, scriptInstance_t ))&Scr_GetChecksum_t;
257.  
258. opd_s G_Damage_t = { 0x2D8038, TOC };
259. int(*G_Damage)(int targ, int inflictor, int attacker, float *Dir, float *point, int damage, int dFlag, int mod, int weapon, hitLocation_t hitLocation, unsigned int modelIndex, unsigned int partName, int timeOffset) = (int(*)(int, int, int, float*, float*, int, int, int, int, hitLocation_t, unsigned int, unsigned int, int))&G_Damage_t;
260. opd_s webyte_J = { 0x375548, TOC };
261. int(*G_GetWeaponIndexForName)(const char* weapon) = (int(*)(const char*))&webyte_J;
262.  
263. opd_s JM_cellSpursLFQueuePushBody_t = { 0x8C7080, TOC };
264. int(*JM_cellSpursLFQueuePushBody)(CellSpursLFQueue *lfqueue, const void *buffer, unsigned int isBlocking) = (int(*)(CellSpursLFQueue *, const void *, unsigned int))&JM_cellSpursLFQueuePushBody_t;
265.  
266. opd_s Scr_GetFunctionHandle_t = { 0x5A92A0, TOC };
267. int(*Scr_GetFunctionHandle)(scriptInstance_t inst, const char *scriptName, const char *functionName) = (int(*)(scriptInstance_t, const char *, const char *))&Scr_GetFunctionHandle_t;
268.  
269. opd_s Scr_GetNumParam_t = { 0x5CB210, TOC };
270. int(*Scr_GetNumParam)(int scriptInstance) = (int(*)(int))&Scr_GetNumParam_t;
271.  
272. opd_s Scr_GetString_t = { 0x5D0D68, TOC };
273. char*(*Scr_GetString)(unsigned int index, scriptInstance_t scriptInstance) = (char*(*)(unsigned int, scriptInstance_t))&Scr_GetString_t;
274.  
275. opd_s Scr_GetInt_t = { 0x5D16C0, TOC };
276. int(*Scr_GetInt)(unsigned int index, scriptInstance_t scriptInstance) = (int(*)(unsigned int, scriptInstance_t))&Scr_GetInt_t;
277.  
278. opd_s Scr_LoadGameType_t = { 0x315728, TOC };
279. void(*Scr_LoadGameType)(void) = (void(*)(void))&Scr_LoadGameType_t;
280.  
281. opd_s Scr_LoadScript_t = { 0x5A9068, TOC };
282. void(*Scr_LoadScript)(scriptInstance_t inst, const char *scriptName) = (void(*)(scriptInstance_t, const char *))&Scr_LoadScript_t;
283.  
284. opd_s Scr_LoadScriptInternal_t = { 0x5A8D38, TOC };
285. void(*Scr_LoadScriptInternal)(scriptInstance_t inst, const char *scriptName) = (void(*)(scriptInstance_t, const char *))&Scr_LoadScriptInternal_t;
286.  
287.  
288. opd_s Dvar_GetBool_t = { 0x4C7BF0, TOC };
289. bool(*Dvar_GetBool)(const char *) = (bool(*)(const char *))&Dvar_GetBool_t;
290.  
291. opd_s Dvar_SetFromStringByName_t = { 0x4CF160, TOC };
292. void(*Dvar_SetFromStringByName)(const char *dvarName, const char *value) = (void(*)(const char *, const char *))&Dvar_SetFromStringByName_t;
293.  
294.  
295. opd_s Scr_GetSelf_t = { 0x5BA4F0, TOC };
296. int(*Scr_GetSelf)(scriptInstance_t inst,int value) = (int(*)(scriptInstance_t,int))&Scr_GetSelf_t;
297. opd_s SL_ConvertToString_t = { 0x5B6D10, TOC };
298. const char*(*SL_ConvertToString)(int stringValue, scriptInstance_t inst) = (const char*(*)(int, scriptInstance_t))&SL_ConvertToString_t;
299.  
300. opd_s Session_IsHost_t = { 0x698490, TOC };
301. bool(*Session_IsHost)(SessionData_s *session, const int clientNum) = (bool(*)(SessionData_s *, const int))&Session_IsHost_t;
302.  
303. opd_s CG_GetClientNum_t = { 0x116A60, TOC };
304. int(*CG_GetClientNum)(int localClientNum) = (int(*)(int))&CG_GetClientNum_t;
305.  
306. opd_s cb1 = { 0x399CC8, TOC };
307. void(*Cbuf)(int client, char* cmd) = (void(*)(int, char*))&cb1;
308.  
309. opd_s SV_GameSendServerCommand_t = { 0x3E95F0, TOC };
310. void(*SV_GameSendServerCommand)(int client, int type, char* cmd) = (void(*)(int, int, char*))&SV_GameSendServerCommand_t;
311.  
312.  
313. opd_s SV_AddServerCommand_t = { 0x3EED08, TOC };
314. void(*SV_AddServerCommand)(int client, int type, char* cmd) = (void(*)(int, int, char*))&SV_AddServerCommand_t;
315.  
316. opd_s makeDvarServerInfo_t = { 0x31B590, TOC };
317. void(*GSC_makeDvarServerInfo)() = (void(*)())&makeDvarServerInfo_t;
318.  
319. opd_s UI_OpenToastPopup_t = { 0x42C198, TOC };
320. void(*UI_OpenToastPopup)(int localClientNum, const char *toastPopupIconName, const char *toastPopupTitle, const char *toastPopupDesc, int toastPopupDuration) = (void(*)(int, const char *, const char *, const char *, int))&UI_OpenToastPopup_t;
321.  
322. opd_s Cmd_MenuResponse_f_t = { 0x2D5AE8, TOC };
323. void(*Cmd_MenuResponse_f)(gentity_s *pEnt) = (void(*)(gentity_s *))&Cmd_MenuResponse_f_t;
324. opd_s SV_Cmd_ArgvBuffer_t = { 0x3997C8, TOC };
325. void(*SV_Cmd_ArgvBuffer)(int arg, char *buffer, int bufferLength) = (void(*)(int, char *, int))&SV_Cmd_ArgvBuffer_t;
326.  
327. opd_s AimTarget_IsTargetVisible_t = {0x58640,TOC};
328. bool(*AimTarget_IsTargetVisible)(int localClientNum, int targetEnt, short visBone) = (bool(*)(int localClientNum, int targetEnt, short visBone))&AimTarget_IsTargetVisible_t;
329. opd_s AimTarget_GetTagPos_t = {0x54C88,TOC};
330. float*(*AimTarget_GetTagPos)( int loaclclient,int cent, short tagName, float*pos) = (float*(*)( int, int , short , float*))&AimTarget_GetTagPos_t;
331.  
332. opd_s CG_LocationalTrace_t = {0x1A1C98,TOC};
333. void(*CG_LocationalTrace)(trace_t* results, const float *start, const float *end, int passEntityNum, int contentMask, bool checkRopes, int col_context_t) = (void(*)(trace_t* results, const float *start, const float *end, int passEntityNum, int contentMask, bool checkRopes, int col_context_t))&CG_LocationalTrace_t;
334.  
335. opd_s BG_GetWeaponDef_t = {0xC0A98,TOC};
336. int(*BG_GetWeaponDef)(unsigned short weaponIndex) = (int(*)(unsigned short ))&BG_GetWeaponDef_t;
337. opd_s BulletTrace_t = {0x18D6F0,TOC};
338. bool(*BulletTrace)(int localClientNum, BulletFireParams *bp, int weapDef, centity_s *attacker, BulletTraceResults *br, int lastSurfaceType) = (bool(*)(int localClientNum, BulletFireParams *bp, int weapDef, centity_s *attacker, BulletTraceResults *br, int lastSurfaceType))&BulletTrace_t;
339. opd_s Trace_GetEntityHitId_t = {0x38BD00,TOC};
340. short(*Trace_GetEntityHitId)(trace_t *trace) = (short(*)(trace_t *trace))&Trace_GetEntityHitId_t;
341. opd_s BG_GetSurfacePenetrationDepth_t = {0xA8A28,TOC};
342. float(*BG_GetSurfacePenetrationDepth)(int weapDef, int surfaceType) = (float(*)(int weapDef, int surfaceType))&BG_GetSurfacePenetrationDepth_t;
343. opd_s BG_AdvanceTrace_t = {0xABBB0,TOC};
344. bool(*BG_AdvanceTrace)(BulletFireParams *bp, BulletTraceResults *br, float dist) = (bool(*)(BulletFireParams *bp, BulletTraceResults *br, float dist))&BG_AdvanceTrace_t;
345. opd_s FireBulletPenetrate_t = { 0x001966A0, TOC };
346. void(*FireBulletPenetrate)(int localClientNum, BulletFireParams *bp, unsigned int weaponIndex, centity_s* attacker, float tracerStart[3], int drawTracer, int isPlayer, BulletTraceResults *br) = (void(*)(int, BulletFireParams*, unsigned int, centity_s*, float[3], int, int, BulletTraceResults*))&FireBulletPenetrate_t;
347. opd_s BG_GetSpreadForWeapon_t = {0xAB8C8,TOC};
348. void(*BG_GetSpreadForWeapon)(int ps, int weapDef, float *minSpread, float *maxSpread) = (void(*)(int ps, int weapDef, float *minSpread, float *maxSpread))&BG_GetSpreadForWeapon_t;
349.  
350. opd_s CL_SetViewAngles_t = {0x1A6448,TOC};
351. void(*CL_SetViewAngles)(int localClientNum, const float *angles) = (void(*)(int localClientNum, const float *angles))&CL_SetViewAngles_t;
352.  
353. bool CompareString(const char *str1, const char *str2)
354. {
355.     return !strcmp(str1, str2);
356. }
357.  
358. opd_s UI_OpenMenu_t = { 0x42F398, TOC };
359. void(*UI_OpenMenu)(int localClientNum, const char *menuName) = (void(*)(int, const char *))&UI_OpenMenu_t;
360.  
361. opd_s Key_SetCatcher_t = { 0x1BE2E0, TOC };
362. void(*Key_SetCatcher)(int localClientNum, int catcher) = (void(*)(int, int))&Key_SetCatcher_t;
363.  
364. opd_s Key_IsCatcherActive_t = { 0x1BF680, TOC };
365. bool(*Key_IsCatcherActive)(int localClientNum, int mask) = (bool(*)(int, int))&Key_IsCatcherActive_t;
366.  
367. opd_s Scr_AddInt_t = { 0x5DF2A0, TOC };
368. void(*Scr_AddInt)(int value, scriptInstance_t inst) = (void(*)(int, scriptInstance_t))&Scr_AddInt_t;
369. opd_s Scr_AddFloat_t = { 0x5DF630, TOC };
370. void(*Scr_AddFloat)(float value, scriptInstance_t inst) = (void(*)(float, scriptInstance_t))&Scr_AddFloat_t;
371. opd_s Scr_AddString_t = { 0x5DE750, TOC };
372. void(*Scr_AddString)(const char* value, scriptInstance_t inst) = (void(*)(const char*, scriptInstance_t))&Scr_AddString_t;
373. opd_s Scr_AddVector_t = { 0x5DEB08, TOC };
374. void(*Scr_AddVector)(float* value, scriptInstance_t inst) = (void(*)(float*, scriptInstance_t))&Scr_AddVector_t;
375. opd_s Scr_AddConstString_t = { 0x5DEEB8, TOC };
376. void(*Scr_AddConstString)(unsigned short value, scriptInstance_t inst) = (void(*)(unsigned short, scriptInstance_t))&Scr_AddConstString_t;
377. opd_s Scr_AddEntity_t = { 0x355028, TOC };
378. void(*Scr_AddEntity)(int value, scriptInstance_t inst) = (void(*)(int, scriptInstance_t))&Scr_AddEntity_t;
379. opd_s SL_GetString_t = { 0x5B99C8, TOC };
380. int(*SL_GetString)(const char* str, unsigned int user, scriptInstance_t inst) = (int(*)(const char*, unsigned int, scriptInstance_t))&SL_GetString_t;
381.  
382. opd_s CG_GameMessage_t = { 0x113550, TOC };
383. void(*CG_GameMessage)(int localClientNum, const char *msg) = (void(*)(int, const char *))&CG_GameMessage_t;
384.  
385. opd_s CG_BoldGameMessage_t = { 0x113528, TOC };
386. void(*CG_BoldGameMessage)(int localClientNum, const char *msg, int duration) = (void(*)(int, const char *, int))&CG_BoldGameMessage_t;
387.  
388. opd_s Dvar_GetString_t = { 0x4C7370, TOC };
389. char*(*Dvar_GetString)(const char *dvarName) = (char*(*)(const char *))&Dvar_GetString_t;
390.  
391. typedef void(*UI_KeyboardCallback)(int localClientNum, const wchar_t *text, size_t size);
392.  
393. opd_s ExecuteKeyboardCallback_t = { 0x56A270, TOC };
394. void(*ExecuteKeyboardCallback)(int localClientNum) = (void(*)(int))&ExecuteKeyboardCallback_t;
395.  
396. opd_s UI_DrawKeyboard_t = { 0x56A118, TOC };
397. void(*UI_DrawKeyboard)(int localClientNum, const wchar_t *title, const wchar_t *presetMessage, size_t size, UI_KeyboardCallback function) = (void(*)(int, const wchar_t *, const wchar_t *, size_t, UI_KeyboardCallback))&UI_DrawKeyboard_t;
398.  
399.  
400. void Scr_SetNumParam(scriptInstance_t inst, int numParams)
401. {
402.     int ep = 0x1AF6334 + (inst * 0x4320) + 0x10;
403.     *(int*)(ep + 0xC) = numParams;
404. }
405. void Scr_ClearOutParams()
406. {
407.     *(int*)(&scrVmPub->outparamcount) = 0;
408. }
409.  
410. opd_s ParseAddr(int Address)
411. {
412.     opd_s GLS = { Address, TOC };
413.     return GLS;
414. }
415.  
416. ///////////////////////////////////// non-host /////////////////////////////////////
417.  
418. opd_s R_AddCmdDrawStretchPic_t = { 0x751940, TOC };
419. opd_s Material_RegisterHandle_t = { 0x7458D8, TOC };
420. opd_s R_AddCmdDrawText_t = { 0x754410, TOC };
421. opd_s R_RegisterFont_t = { 0x734350, TOC };
422.  
423. void(*R_AddCmdDrawStretchPic)(float, float, float, float, float, float, float, float, float *, int) = (void(*)(float, float, float, float, float, float, float, float, float *, int))&R_AddCmdDrawStretchPic_t;
424. int(*Material_RegisterHandle)(char *, int) = (int(*)(char *, int))&Material_RegisterHandle_t;
425. void(*R_AddCmdDrawText)(char *, int, int, float, float, float, float, float, float *, int) = (void(*)(char *text, int maxChars, int font, float x, float y, float xScale, float yScale, float rotation, float *color, int style))&R_AddCmdDrawText_t;
426. int(*R_RegisterFont)(char *, int) = (int(*)(char *name, int imageTrack))&R_RegisterFont_t;
427.  
428.  
429.  
430.  
431.  
432.  
433.  
434.  
435.  
436.  
437.  
438.  
439.  
440.  
441.  
442. //structure & variables
443. typedef struct vec3_t {
444.     float x, y, z;
445.     vec3_t() {
446.         x = y = z = 0;
447.     }
448.     vec3_t(float x, float y, float z) {
449.         this->x = x; this->y = y; this->z = z;
450.     }
451.     const bool operator== (vec3_t const &Vector) {
452.         return (this->x == Vector.x && this->y == Vector.y && this->z == Vector.z);
453.     }
454.  
455. const vec3_t& operator* (const float mul) {
456.         return vec3_t(this->x *= mul, this->y *= mul, this->z *= mul);
457.     }
458.     const bool operator != (vec3_t const &Vector) {
459.         return (this->x != Vector.x && this->y != Vector.y && this->z != Vector.z);
460.     }
461.     const vec3_t& operator+ (vec3_t const &Vector) {
462.         return vec3_t(this->x + Vector.x, this->y + Vector.y, this->z + Vector.z);
463.     }
464.     vec3_t operator- (vec3_t const &Vector) {
465.         return vec3_t(this->x - Vector.x, this->y - Vector.y, this->z - Vector.z);
466.     }
467.     const vec3_t& operator/ (float scale) {
468.         return vec3_t(this->x / scale, this->y / scale, this->z / scale);
469.     }
470. } vec3_t;
471.  
472. #define ANGLE2SHORT(x) ((int)((x) * 65536.0f / 360.0f ) & 65535)
473. #define SHORT2ANGLE(x) ((x) * ( 360.0f / 65536.0f ))
474.  
475. #define VectorSubtract(a,b,c) ((c).x=(a).x-(b).x,(c).y=(a).y-(b).y,(c).z=(a).z-(b).z)
476. #define VectorAdd(a,b,c)  ((c).x=(a).x+(b).x,(c).y=(a).y+(b).y,(c).z=(a).z+(b).z)
477.  
478. struct BulletFireParams
479. {
480.     int MaxEntNum;//0
481.     int ignoreEntIndex;//4
482.     float damageMultiplier;//8
483.     int methodOfDeath;//c
484.     vec3_t origStart;//14
485.     vec3_t start;//18
486.     vec3_t end;//1c
487.     vec3_t dir;//20
488. };
489.  
490. typedef void gclient_s;
491. struct gentity_s
492. {
493.     char pad0[0x144];
494.     gclient_s *client;
495.     char pad1[0x1B0];
496. };
497.  
498. gentity_s *g_entities = (gentity_s *)0x12AB290;
499. enum TraceHitType
500. {
501.     TRACE_HITTYPE_NONE = 0,
502.     TRACE_HITTYPE_ENTITY = 1,
503.     TRACE_HITTYPE_DYNENT_MODEL = 2,
504.     TRACE_HITTYPE_DYNENT_BRUSH = 3,
505.     TRACE_HITTYPE_GLASS = 4,
506. };
507. struct trace_t
508. {
509.     /* 0x0000 */ float normal[3];
510.     /* 0x000C */ char unk1[0x04];
511.     /* 0x0010 */ float fraction;
512.     /* 0x0014 */ int sflags;
513.     /* 0x0018 */ int cflags;
514.     /* 0x001c */ enum TraceHitType hitType;
515.     /* 0x0020 */ unsigned short hitId;
516.     /* 0x0022 */ unsigned short modelIndex;
517.     /* 0x0024 */ unsigned short partName;
518.     /* 0x0026 */ unsigned short boneIndex;
519.     /* 0x0028 */ unsigned short partGroup;
520.     /* 0x002a */ bool allsolid;
521.     /* 0x002b */ bool startsolid;
522.     /* 0x002c */ bool walkable;
523.     /* 0x002d */ char Padding_455[3];
524.     /* 0x0030 */ struct cStaticModel_s* staticModel;
525.     /* 0x0034 */ int hitPartition;
526. };
527. struct BulletTraceResults
528. {
529.     trace_t trace;
530.     int* hitEnt; // gentity_s*
531.     float hitPos[3];
532.     int ignoreHitEnt;
533.     int hitSurfaceType;
534. };
535.  
536.  
537.  
538. //int myindex = *(int*)(*(int*)(0xC3DFB8));
539.  
540.  
541. struct cpose_ts
542. {
543.     unsigned short lightningHandle; //0x00
544.     unsigned char eType; //0x02
545.     char eTypeUnion; //0x03
546.     int localClientNum; //0x04
547.     char pad01[40]; //0x8
548.     //int physObjId; //0x18
549.     vec3_t origin; //0x30
550.     vec3_t angles; //0x3C
551.     vec3_t absmin; //0x48
552.     vec3_t absmax; //0x54
553.     char pad02[12]; //0x60
554. }; //size 0x6C
555.  
556. struct trajectory_t
557. {
558.     char trType;
559.     int trTime;
560.     int trDuration;
561.     vec3_t trBase;
562.     vec3_t trDelta;
563. };
564. struct centity_s
565. {
566.     cpose_ts pose;        //0x00
567.     char pad0[0x8];        //0x6C
568.     vec3_t bounds[2];       //0x0074
569.     char _0x008C[0x30];     //0x008C
570.     short eventParam;       //0x00BC
571.     char _0x00BE[0x6];      //0x00BE
572.     short otherEntityNum;   //0x00C4
573.     short attackerEntityNum;//0x00C6
574.     char _0x00C8[0xA8]; //0x00C8
575.     char trType;        //0x170
576.     int trTime;            //0x174
577.     int trDuration;        //0x178
578.     vec3_t NewOrigin;    //0x17C
579.     vec3_t trDelta;    //0x188
580.     char trType2;        //0x194
581.     int trTime2;        //0x198
582.     int trDuration2;    //0x19C
583.     vec3_t trBase2;    //0x1A0
584.     vec3_t trDelta2;    //0x1AC
585.     char pad_u[32];        //0x1B8
586.     int useCount;        //0x1D8
587.     int clientnum;        //0x1DC
588.     int eFlags;            //0x1E0
589.     int eFlags2;        //0x1E4
590.     trajectory_t pos;    //0x1E8
591.     trajectory_t apos;    //0x20C
592.     char _0x0230[0x14];     //0x0230
593.     int actorTeam;          //0x0244
594.     short primaryWeapon;    //0x0248
595.     char _0x024A[0xB];      //0x024A
596.     char renderCamo;        //0x0255
597.     char _0x0256[0x2A];     //0x0256
598.     int item;               //0x0280
599.     char _0x0284[0x16];     //0x0284
600.     short eType;        //0x29A
601.     short hitEntityNum;     //0x029C
602.     char pad00[8];        //0x29E
603.     unsigned short weapon;//0x2A6
604.     char pad000[0x74];    //0x2A8
605. };
606. /*struct centity_s
607. {
608.     char _0x0000[0x2];      //0x0000
609.     short Alive;            //0x0002
610.     char _0x0004[0x2C];     //0x0004
611.     vec3_t origin;          //0x0030
612.     char _0x003C[0xC];      //0x003C
613.     vec3_t absBounds[2];    //0x0048
614.     char _0x0060[0x14];     //0x0060       char _0x006C[0x8];   //0x006c
615.     vec3_t bounds[2];       //0x0074
616.     char _0x008C[0x30];     //0x008C
617.     short eventParam;       //0x00BC
618.     char _0x00BE[0x6];      //0x00BE
619.     short otherEntityNum;   //0x00C4
620.     short attackerEntityNum;//0x00C6
621.     char _0x00C8[0x120];    //0x00C8
622.     int number;             //0x01E8
623.     int eFlags;             //0x01EC
624.     int eFlags2;            //0x01F0
625.     char _0x01F4[0x50];     //0x01F4
626.     int actorTeam;          //0x0244
627.     short primaryWeapon;    //0x0248
628.     char _0x024A[0xB];      //0x024A
629.     char renderCamo;        //0x0255
630.     char _0x0256[0x2A];     //0x0256
631.     int item;               //0x0280
632.     char _0x0284[0x22];     //0x0284
633.     short eType;            //0x02A6
634.     short hitEntityNum;     //0x02A8
635.     char _0x00AA[0x2];      //0x02AA
636.     short sourceEntityNum;  //0x02AC
637.     char _0x02A8[0x6E];     //0x02AE
638.     //size: 0x031C
639. };*/
640.  
641. #pragma region objective_t
642. struct objective_t
643. {
644.     int state; //0x00
645.     float origin[3]; //0x04
646.     float size[2]; //0x10
647.     int entNum; //0x18
648.     int teamNum; //0x1C
649.     int icon; //0x20
650.     int use3D; //0x24
651.     int color; //0x28
652.     const char* alt_3D_text; //0x2C
653. }; //size 0x30
654. #pragma endregion
655.  
656. struct playerstate_s
657. {
658.     unsigned int commandTime; //0x0
659.     int pm_type; //0x4
660.     int bobCycle; //0x8
661.     int pm_flags; //0xC
662.     int weapFlags; //0x10
663.     int otherFlags; //0x14
664.     int pm_time; //0x18
665.     unsigned int loopSoundId; //0x1C
666.     int loopSoundFade; //0x20
667.     float origin[3]; //0x24
668.     float velocity[3]; //0x30
669.     int weaponTime; //0x3C
670.     int weaponDelay; //0x40
671.     int weaponTimeLeft; //0x44
672.     int weaponDelayLeft; //0x48
673.     int weaponIdleTime; //0x4C
674.     int grenadeTimeLeft; //0x50
675.     int throwBackGrenadeOwner; //0x54
676.     int throwBackGrenadeTimeLeft; //0x58
677.     int weaponRestrictKickTime; //0x5C
678.     bool mountAvailable; //0x60
679.     bool bRunLeftGun; //0x61
680.     bool bCarryingTurret; //0x62
681.     char pad01[0x1]; //0x63
682.     float mountPos[3]; //0x64
683.     float mountDir; //0x70
684.     int foliageSoundTime; //0x74
685.     int gravity; //0x78
686.     float leanf; //0x7C
687.     int speed; //0x80
688.     float delta_angles[3]; //0x84
689.     int groundEntityNum; //0x90
690.     int groundType; //0x94
691.     float vLadderVec[3]; //0x98
692.     int jumpTime; //0xA4
693.     float jumpOriginZ; //0xA8
694.     int slideTime; //0xAC
695.     int moveType; //0xB0
696.     int legsTimer; //0xB4
697.     int torsoTimer; //0xB8
698.     short legsAnim; //0xBC
699.     short torsoAnim; //0xBE
700.     int legsAnimDuration; //0xC0
701.     int torsoAnimDuration; //0xC4
702.     int damageTimer; //0xC8
703.     int damageDuration; //0xCC
704.     int dmgDirection; //0xD0
705.     int dmgType; //0xD4
706.     int corpseIndex; //0xD8
707.     int movementDir; //0xDC
708.     int eFlags; //0xE0
709.     int eFlags2; //0xE4
710.     short predictableEventSequence; //0xE8
711.     short predictableEventSequenceOld; //0xEA
712.     int predictableEvents[4]; //0xEC
713.     unsigned int predictableEventParms[4]; //0xFC
714.     short unpredictableEventSequence; //0x10C
715.     short unpredictableEventSequenceOld; //0x10E
716.     int unpredictableEvents[4]; //0x110
717.     unsigned int unpredictableEventParms[4]; //0x120
718.     char clientNum;             //0x130
719.     int offHandIndex;           //0x134
720.     int offhandSecondary;       //0x138
721.     int offhandPrimary;         //0x13C
722.     char pad00[4];              //0x140
723.     unsigned short weapon;              //0x144
724.     unsigned short lastStandPrevWeapon; //0x146
725.     unsigned int lastWeaponAltModeSwitch;//0x148
726.     unsigned int stowedWeapon;          //0x14C
727.     char stowedWeaponCamo;              //0x150
728.     unsigned int meleeWeapon;           //0x154
729.     int weaponstate;                    //0x158
730.     int weaponstateLeft;                //0x15C
731.     unsigned int weaponShotCount;       //0x160
732.     unsigned int weaponShotCountLeft;   //0x164
733.     float fWeaponPosFrac;               //0x168
734.     int adsDelayTime;                   //0x16C
735.     int spreadOverride;                 //0x170
736.     int spreadOverrideState;            //0x174
737.     float weaponSpinLerp;               //0x178
738.     int viewmodelIndex;                 //0x17C
739.     vec3_t viewangles;                  //0x180
740.     char pad03[0x3D4]; // 0x18C
741.     float aimSpreadScale;   //0x560
742.     char pad04[0x58]; // 0x564
743.     objective_t objective[0x20];//0x5BC
744.     int deltaTime; //0xBBC
745.     int killCamEntity; //0xBC0
746.     int killCamTargetEntity; //0xBC4
747.  
748. }; //size 0xBC8
749.  
750. #pragma region refdef_s
751. struct refdef_s
752. {
753.     unsigned int x; //0x00
754.     unsigned int y; //0x04
755.     unsigned int width; //0x08
756.     unsigned int height; //0x0C
757.     char pad01[0x14]; //0x10
758.     float tanHalfFovX; //0x24
759.     float tanHalfFovY; //0x28
760.     float fov_x; //0x2C
761.     vec3_t vieworg; //0x30
762.     float yaw; //0x3C
763.     float viewaxis[3][3]; //0x40
764.     int time; //0x64
765. }; //size 0x68
766. #pragma endregion
767.  
768. #pragma region snapshot_s
769. struct snapshot_s
770. {
771.     int snapFlags; //0x00
772.     int ping; //0x04
773.     int serverTime; //0x08
774.     int physicsTime; //0x0C
775.     playerstate_s ps; //0x10
776.     int numEntities;
777.     int numClients;
778.     //entityState_s entities[512];
779.     //clientState_s clients[32];
780.     char matchState_pad[0x80];
781.     int serverCommandSequence;
782. };
783. #pragma endregion
784.  
785. #pragma region score_s
786. struct score_s
787. {
788.     int ping; //0x00
789.     int status_icon; //0x04
790.     int place; //0x08
791.     int score; //0x0C
792.     int kills; //0x10
793.     int assists; //0x14
794.     int deaths; //0x18
795.     int scoreboardColumns[4]; //0x1C
796. }; //size 0x2C
797. #pragma endregion
798.  
799. #pragma region clientInfo_t
800. struct lerpFrame_t
801. {
802.     float yawAngle; //0x00
803.     int yawing; //0x04
804.     float pitchAngle; //0x08
805.     int pitching; //0x0C
806.     int animationNumber; //0x10
807.     void* animation; //0x14
808.     int animationTime; //0x18
809.     float oldFramePos[3]; //0x1C
810.     float oldFrameYaw; //0x28
811.     float animSpeedScale; //0x2C
812.     int oldFrameSnapshotTime; //0x30
813. }; //size 0x34
814.  
815. struct clientInfo_t
816. {
817.     int infoValid; //0x00
818.     int nextValid; //0x04
819.     int clientNum; //0x08
820.     char name[0x20]; //0x0C
821.     int team; //0x2C
822.     int oldTeam; //0x30
823.     int ffaTeam; //0x34
824.     int rank; //0x38
825.     int prestige; //0x3C
826.     int needsRevive; //0x40
827.     unsigned int perks[2]; //0x44
828.     char pad01[0x4]; //0x4C
829.     unsigned long long xuid; //0x50
830.     char clanAbbrev[0x8]; //0x58
831.     score_s score; //0x60
832.     void* hStatusIcon; //0x8C
833.     void* hRankIcon; //0x90
834.     int location; //0x94
835.     int health; //0x98
836.     char model[0x40]; //0x9C
837.     char attachModelNames[0x6][0x40]; //0xDC
838.     char attachTagNames[0x6][0x40]; //0x1C0
839.     lerpFrame_t legs; //0x25C
840.     lerpFrame_t torso; //0x290
841.     float lerpMoveDir; //0x2C4
842.     float lerpLean; //0x2C8
843.     float playerAngles[3]; //0x2CC
844.     int leftHandGun; //0x2D8
845.     int dobjDirty; //0x2DC
846.     char pad02[0x170]; //0x2E0
847. }; //size 0x5D0
848. #pragma endregion
849.  
850. #pragma region cg_s
851. struct cg_s
852. {
853.     int clientNum; //0x00
854.     int localClientNum; //0x04
855.     char pad01[0x18]; //0x08
856.     int latestSnapshotNum; //0x20
857.     int latestSnapshotTime; // 0x24
858.     snapshot_s* snap; //0x28
859.     snapshot_s* nextSnap; //0x2C
860.     char pad02[0x58]; //0x30
861.     int serverTime; //0x88
862.     char pad03[0x28]; //0x8C
863.     float origin[3]; //0xB4
864.     char pad04[0x1C]; //0xC0
865.     int lastAimTime; //0xDC
866.     char pad05[0x4]; //0xE0
867.     int maxEntities; //0xE4
868.     char pad06[0x88]; //0xE8
869.     int stance; //0x170
870.     char pad07[0x60]; //0x174
871.     unsigned short weapon; //0x1D4
872.     char pad08[0x7E]; //0x1D8
873.     int health; //0x254
874.     char pad09[0x3ED44]; //0x258
875.     playerstate_s ps; //0x3EF9C
876.     char pad10[0x1E9C]; // 0x3FB64
877.     refdef_s refdef; //0x41A00
878.     char pad11[0x1BE78]; //0x41A68
879.     float compassNorthYaw; //0x5D8E0
880.     float compassNorth[2]; //0x5D8E4
881.     void* compassMapMaterial; //0x5D8EC
882.     float compassMapUpperLeft[2]; //0x5D8F0
883.     float compassMapWorldSize[2]; //0x5D8F8
884.     int compassLastTime; //0x5D900
885.     float compassYaw; //0x5D904
886.     float compassSpeed; //0x5D908
887.     int compassFadeTime; //0x5D90C
888.     char pad12[0x1E8]; //0x5D910
889.     clientInfo_t clientInfo[18]; //0x5DAF8
890. };
891. #pragma endregion
892.  
893. struct usercmd_s
894. {
895.     int serverTime;//0x00
896.     int button_bits[2];//0x04
897.     float angles[3]; //0x0C
898.     unsigned short weapon;//0x18
899.     unsigned short offHandIndex;//0x1A
900.     unsigned short lastWeaponAltModeSwitch;//0x1C
901.     char forwardmove;//0x1E
902.     char rightmove;//0x1F
903.     char upmove;//0x20
904.     char pitchmove;//0x21
905.     char yawmove;//0x22
906.     char pad00;//0x23
907.     float meleeChargeYaw;//0x24
908.     char meleeChargeDist;//0x28
909.     char pad01[3];//0x29
910.     float rollmove;//0x2C
911.     char selectedLocation[2];//0x30
912.     char selectedYaw;//0x32
913.     char pad03;//0x33
914. };//size 0x34
915.  
916. #pragma region clientActive_t
917. struct clientActive_t
918. {
919.     char pad01[0x10]; //0x00
920.     int serverTime; //0x10
921.     int oldServerTime; //0x14
922.     int oldFrameServerTime; //0x18
923.     int serverTimeDelta; //0x1C
924.     int ping; //0x20
925.     char pad02[0x88]; //0x24
926.     vec3_t deltaAngles; //0xAC
927.     char pad03[0x2794]; //0xB8
928.     vec3_t viewAngle; //0x284C
929.     char pad04[0x40010]; //0x2858
930.     usercmd_s cmds[0x80]; //0x42868
931.     int cmdNumber; //0x44268
932. }; //size 0x4426C
933. #pragma endregion
934. #define clientActive (*(clientActive_t**)(0xD223C4))
935. #define centity ((centity_s*)(0x377e3a08))
936. #define cg ((cg_s*)(*(int*)(0xC3DFB8)))
937.