Untitled


   EXTERN JmpBack : QWORD
   EXTERN JmpBack2 : QWORD
   EXTERN BadClass : QWORD
   EXTERN PlayerClass : QWORD
   EXTERN ?GetList@@YAX_J@Z : PROC
   EXTERN ?GetPlayerList@@YAX_J@Z : PROC

  .code

     GetBadGuys PROC

         mov rax,[BadClass]
         cmp rax,[rcx+10h]
         jne BSkip

           push rax
           push rbx
           push rcx
           push rdx
           push rbp
           push rdi
           push rsi
           push r8
           push r9
           push r10
           push r11
           push r12
           push r13
           push r14
           push r15

           call ?GetList@@YAX_J@Z

           pop r15
           pop r14
           pop r13
           pop r12
           pop r11
           pop r10
           pop r9
           pop r8
           pop rsi
           pop rdi
           pop rbp
           pop rdx
           pop rcx
           pop rbx
           pop rax

         BSkip:
         mov rax,[rbx+58h]
         mov rdx,[rax+28h]
         mov rax,[rdx+58h]
         cmp qword ptr[rax+88h],00
         jmp qword ptr [JmpBack]
     GetBadGuys ENDP

   GetLocalGuys PROC


   push rax
   push rbx
   push rcx
   push rdx
   push rbp
   push rdi
   push rsi
   push r8
   push r9
   push r10
   push r11
   push r12
   push r13
   push r14
   push r15

   mov rcx,qword ptr[rcx+250h]
   call ?GetList@@YAX_J@Z

   pop r15
   pop r14
   pop r13
   pop r12
   pop r11
   pop r10
   pop r9
   pop r8
   pop rsi
   pop rdi
   pop rbp
   pop rdx
   pop rcx
   pop rbx
   pop rax

        mov rcx,qword ptr[rcx+250h]
        test rcx,rcx
        je Skip
         mov rax,qword ptr[rcx]
         jmp qword ptr[rax+600h]
        Skip:
        ret
    GetLocalGuys ENDP

     GetPlayers PROC

         mov rax,[PlayerClass]
         cmp rax,[rbx+10h]
         mov rax,[rbx]
         jne PSkip

           push rax
           push rbx
           push rcx
           push rdx
           push rbp
           push rdi
           push rsi
           push r8
           push r9
           push r10
           push r11
           push r12
           push r13
           push r14
           push r15

           call ?GetPlayerList@@YAX_J@Z

           pop r15
           pop r14
           pop r13
           pop r12
           pop r11
           pop r10
           pop r9
           pop r8
           pop rsi
           pop rdi
           pop rbp
           pop rdx
           pop rcx
           pop rbx
           pop rax

         PSkip:
         call qword ptr[rax+158h]
         movss xmm0,dword ptr[rax+00000598h]
         jmp qword ptr [JmpBack2]
     GetPlayers ENDP

    END

//push rbx
//sub rsp,40
//movsd xmm0,[rcx+00000220]
//lea r8,[rcx+0000022C]
//
//World2Otter-Win64-Shipping.exe+E0B810
//
//RCX + 22C

// movups xmm0,xmmword ptr[rax+11Ch]
#include "includes.h"
#include <iostream>
#include "imgui/imgui_internal.h"
#include "imgui/imgui.h"
#include <vector>

struct Vector3
{
	float x, y, z;
};

struct BadGuyStruct
{
	intptr_t Instance;
	int Health;
	Vector3 Pos;
};

struct PlayerStruct
{
	intptr_t Instance;
	bool TeamID;
	Vector3 Pos;
};

extern LRESULT ImGui_ImplWin32_WndProcHandler(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam);
typedef bool (*World2Screen) (intptr_t PlayerCtrl, Vector3 pos, ImVec2& screen, bool relative);
typedef uintptr_t(*StaticFindObject) (long long klass, long long package, const wchar_t* name, bool exact);
//ProjectWorldLocationToScreen
World2Screen ScreenPtr;
StaticFindObject FindObject;

Present oPresent;
HWND window = NULL;
WNDPROC oWndProc;
ID3D11Device* pDevice = NULL;
ID3D11DeviceContext* pContext = NULL;
ID3D11RenderTargetView* mainRenderTargetView;

extern "C" void GetLocalGuys();
extern "C" void GetBadGuys();
extern "C" void GetPlayers();
extern "C" UINT64 JmpBack = 0;
extern "C" UINT64 JmpBack2 = 0;
extern "C" uintptr_t BadClass = 0;
extern "C" uintptr_t PlayerClass = 0;
std::vector<BadGuyStruct> BadList;
std::vector<PlayerStruct> PlayerList;

bool bShow = false;
bool bShowPlayer = false;
bool _TeamID = true;
int ClearCounter = 0;

void GetPlayerList(intptr_t BadGuy)
{
	//   0x240 0x328 = teamID ( 0 / 1 )
	bool* TeamID = NULL;

	intptr_t Capsule = BadGuy;
	Capsule = Capsule + 0x290;
	Capsule = *(intptr_t*)Capsule;

	intptr_t PlayerData = BadGuy;
	PlayerData = PlayerData + 0x240;

	PlayerData = *(intptr_t*)PlayerData;
	if (PlayerData)
	{
		PlayerData = PlayerData + 0x328;
		bool* TeamID = (bool*)PlayerData;
	}

	if (Capsule > 0 && PlayerData > 0)
	{
		Capsule = Capsule + 0x11C;
		Vector3* Pos = (Vector3*)Capsule;
		bool bAdd = true;
		for (PlayerStruct &b : PlayerList)
		{
			if (b.Instance == BadGuy)
			{
				bAdd = false;
				b.Pos = *Pos;
			}
		}
		if (bAdd)
		{
			PlayerStruct tmp;
			tmp.Instance = BadGuy;
			tmp.Pos = *Pos;
			tmp.TeamID = *TeamID;
			PlayerList.push_back(tmp);
		}
	}
}

void GetList(intptr_t BadGuy)
{
	if (BadGuy == 0)
	{
		return;
	}
	intptr_t pHealth = BadGuy + 0x648;
	int* health = (int*)pHealth;
	intptr_t Capsule = BadGuy;
	Capsule = Capsule + 0x290;
	Capsule = *(intptr_t*)Capsule;
	if (Capsule > 0)
	{
		Capsule = Capsule + 0x11C;
		Vector3* Pos = (Vector3*)Capsule;
		bool bAdd = true;
		for (BadGuyStruct &b : BadList)
		{
			if (b.Instance == BadGuy)
			{
				bAdd = false;
				b.Health = *health;
				b.Pos = *Pos;
			}
		}
		if (bAdd)
		{
			BadGuyStruct tmp;
			tmp.Instance = BadGuy;
			tmp.Health = *health;
			tmp.Pos = *Pos;
			BadList.push_back(tmp);
		}
	}
}

float VectorDistance(Vector3* v1, Vector3 *v2)
{
Vector3 v;
v.x = v1->x - v2->x;
v.y = v1->y - v2->y;
v.z = v1->z - v2->z;
return sqrt(v.x*v.x + v.y*v.y + v.z*v.z);
}

void* DetourFunction64(void* pSource, void* pDestination, int dwLen)
{
	DWORD MinLen = 14;

	if (dwLen < MinLen) return NULL;

	BYTE stub[] = {
	0xFF, 0x25, 0x00, 0x00, 0x00, 0x00, // jmp qword ptr [$+6]
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 // ptr
	};

	void* pTrampoline = VirtualAlloc(0, dwLen + sizeof(stub), MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);

	DWORD dwOld = 0;
	VirtualProtect(pSource, dwLen, PAGE_EXECUTE_READWRITE, &dwOld);

	DWORD64 retto = (DWORD64)pSource + dwLen;

	// trampoline
	memcpy(stub + 6, &retto, 8);
	memcpy((void*)((DWORD_PTR)pTrampoline), pSource, dwLen);
	memcpy((void*)((DWORD_PTR)pTrampoline + dwLen), stub, sizeof(stub));

	// orig
	memcpy(stub + 6, &pDestination, 8);
	memcpy(pSource, stub, sizeof(stub));

	for (int i = MinLen; i < dwLen; i++)
	{
		*(BYTE*)((DWORD_PTR)pSource + i) = 0x90;
	}

	VirtualProtect(pSource, dwLen, dwOld, &dwOld);
	return (void*)((DWORD_PTR)pTrampoline); // not needed but well who cares xD
}

void InitImGui()
{
	ImGui::CreateContext();
	ImGuiIO& io = ImGui::GetIO();
	io.ConfigFlags = ImGuiConfigFlags_NoMouseCursorChange;
	ImGui_ImplWin32_Init(window);
	ImGui_ImplDX11_Init(pDevice, pContext);
}

LRESULT __stdcall WndProc(const HWND hWnd, UINT uMsg, WPARAM wParam, LPARAM lParam) {

	if (true && ImGui_ImplWin32_WndProcHandler(hWnd, uMsg, wParam, lParam))
		return true;

	return CallWindowProc(oWndProc, hWnd, uMsg, wParam, lParam);
}

bool init = false;
HRESULT __stdcall hkPresent(IDXGISwapChain* pSwapChain, UINT SyncInterval, UINT Flags)
{
	if (!init)
	{
		if (SUCCEEDED(pSwapChain->GetDevice(__uuidof(ID3D11Device), (void**)& pDevice)))
		{
			pDevice->GetImmediateContext(&pContext);
			DXGI_SWAP_CHAIN_DESC sd;
			pSwapChain->GetDesc(&sd);
			window = sd.OutputWindow;
			ID3D11Texture2D* pBackBuffer;
			pSwapChain->GetBuffer(0, __uuidof(ID3D11Texture2D), (LPVOID*)& pBackBuffer);
			pDevice->CreateRenderTargetView(pBackBuffer, NULL, &mainRenderTargetView);
			pBackBuffer->Release();
			oWndProc = (WNDPROC)SetWindowLongPtr(window, GWLP_WNDPROC, (LONG_PTR)WndProc);
			InitImGui();
			init = true;
		}

		else
			return oPresent(pSwapChain, SyncInterval, Flags);
	}

	ImGui_ImplDX11_NewFrame();
	ImGui_ImplWin32_NewFrame();
	ImGui::NewFrame();

	ImGui::Begin("cfemen hook");
	ImGui::Checkbox("ESP(F1)", &bShow);
	ImGui::Checkbox("Player(F2)", &bShowPlayer);
	if (bShow)
	{
		ImGui::Text("%d", BadList.size());
	}

	/*if (!bShow)
	{
		BadList.clear();
	}*/


	ImGui::End();

	ClearCounter++;
	if (ClearCounter > 100)
	{
		BadList.clear();
		PlayerList.clear();
		ClearCounter = 0;
	}

	if (GetAsyncKeyState(VK_F1) & 0x1)
	{
		bShow = !bShow;
		BadClass = FindObject(0, -1, L"BP_BadGuy_C", true);
		PlayerClass = FindObject(0, -1, L"BP_Character_C", true);
		Sleep(25);
	}
	if (GetAsyncKeyState(VK_F2) & 0x1)
	{
		bShowPlayer = !bShowPlayer;
		Sleep(25);
	}
	if (GetAsyncKeyState(VK_F2) & 0x1)
	{
		_TeamID = !_TeamID;
		Sleep(25);
	}

		ImGui::PushStyleVar(ImGuiStyleVar_WindowBorderSize, 0.f);
		ImGui::PushStyleColor(ImGuiCol_WindowBg, ImVec4(0.0f, 0.0f, 0.0f, 0.0f));
		ImGui::Begin("BackBuffer", reinterpret_cast<bool*>(true), ImGuiWindowFlags_NoTitleBar | ImGuiWindowFlags_NoInputs | ImGuiWindowFlags_NoScrollbar | ImGuiWindowFlags_NoMove | ImGuiWindowFlags_NoResize);
		ImGui::SetWindowPos(ImVec2(0, 0), ImGuiCond_Always);
		ImGui::SetWindowSize(ImVec2(ImGui::GetIO().DisplaySize.x, ImGui::GetIO().DisplaySize.y), ImGuiCond_Always);

		ImGuiWindow* window = ImGui::GetCurrentWindow();
		ImDrawList* _drawList = window->DrawList;
		ImVec2 myVec;
		window->FontWindowScale = 1.0f;

			uintptr_t BaseHandle = (uintptr_t)GetModuleHandleA("GroundBranch-Win64-Shipping.exe");
			intptr_t Engine = (intptr_t)BaseHandle+0x5DA5FD0;
			Engine = *(intptr_t*)Engine;
			if (Engine && bShow)
			{
				Engine = Engine + 0xDE8;
				Engine = *(intptr_t*)Engine;
				Engine = Engine + 0x38;
				Engine = *(intptr_t*)Engine;
				// 0
				Engine = *(intptr_t*)Engine;
				Engine = Engine + 0x30;
				Engine = *(intptr_t*)Engine; // PlayerController

				//

				intptr_t Player = Engine;
				Player = Player + 0x260;
				Vector3* playerPos = NULL;

				if (Player != 0x260)
				{
					Player = *(intptr_t*)Player;
					if (Player)
					{
						Player = Player + 0x290; // Capsule
						Player = *(intptr_t*)Player;
						Player = Player + 0x11C;
						playerPos = (Vector3*)Player;
					}

				}

				ImVec2 Screen;

				if (Engine && playerPos != NULL)
				{
					for (BadGuyStruct b : BadList)
					{
							ImVec2 Screen;
							int Len = (int)VectorDistance(playerPos, &b.Pos);
							Len = Len / 100;
							ScreenPtr(Engine,b.Pos,Screen,true);
							char Buffer[32];
							sprintf_s(Buffer, "[[%d]]", Len);
							if (Len < 100)
							{
								_drawList->AddText(Screen, ImColor(1.0f, 0.1f, 0.1f),Buffer);
							}
							else
							{
								_drawList->AddText(Screen, ImColor(1.0f, 0.5f, 0.1f),Buffer);
							}
					}

					//

				    for (PlayerStruct b : PlayerList)
					{
							ImVec2 Screen;
							int Len = (int)VectorDistance(playerPos, &b.Pos);
							Len = Len / 100;
							ScreenPtr(Engine,b.Pos,Screen,true);
							char Buffer[32];
							sprintf_s(Buffer, "%d", Len);
							if (Len < 100 && bShowPlayer && b.TeamID == _TeamID)
							{
								_drawList->AddText(Screen, ImColor(0.0f, 1.1f, 0.1f),Buffer);
							}
					}
				}
			}

			//_drawList->AddText(myVec, ImColor(1.0f, 0.1f, 0.1f),"AA");


		window->DrawList->PushClipRectFullScreen();
		ImGui::End();
		ImGui::PopStyleColor();
		ImGui::PopStyleVar();

	ImGui::Render();

	pContext->OMSetRenderTargets(1, &mainRenderTargetView, NULL);
	ImGui_ImplDX11_RenderDrawData(ImGui::GetDrawData());
	return oPresent(pSwapChain, SyncInterval, Flags);
}

DWORD WINAPI MainThread(LPVOID lpReserved)
{

	bool init_hook = false;

	uintptr_t BaseHandle = (uintptr_t)GetModuleHandleA("GroundBranch-Win64-Shipping.exe");

	uintptr_t pW2S = BaseHandle + 0x36799F0;
	// BadGuys finden = any BadGuy Base schauen was davon liest
	uintptr_t BadGuys = BaseHandle + 0x32DEF50;
	uintptr_t BadGuysOnline = BaseHandle + 0x332393F;
	uintptr_t pFindObject = BaseHandle + 0x1B10230;

	uintptr_t pFindPlayer = BaseHandle + 0x31D6056;

	DetourFunction64((PVOID)BadGuys, GetLocalGuys, 14); // offline
	DetourFunction64((PVOID)BadGuysOnline, GetBadGuys,20); // online

	DetourFunction64((PVOID)pFindPlayer, GetPlayers,14); // online

	JmpBack = BadGuysOnline + 20;
	JmpBack2 = pFindPlayer + 14;

	ScreenPtr = (World2Screen)pW2S;
	FindObject = (StaticFindObject)pFindObject;

	//BadClass = FindObject(0, -1, L"BP_BadGuy_C", true);

	//AllocConsole();
	//FILE* fDummy;
	//freopen_s(&fDummy, "CONOUT$", "w", stdout);
	//std::cout << std::hex << BadClass;


	do
	{
		if (kiero::init(kiero::RenderType::D3D11) == kiero::Status::Success)
		{
			kiero::bind(8, (void**)& oPresent, hkPresent);
			init_hook = true;
		}
	} while (!init_hook);
	return TRUE;
}

BOOL WINAPI DllMain(HMODULE hMod, DWORD dwReason, LPVOID lpReserved)
{
	switch (dwReason)
	{
	case DLL_PROCESS_ATTACH:
		DisableThreadLibraryCalls(hMod);
		CreateThread(nullptr, 0, MainThread, hMod, 0, nullptr);
		break;
	case DLL_PROCESS_DETACH:
		kiero::shutdown();
		break;
	}
	return TRUE;
}