public int GetClientClass(MemUtils memUtils)
{
uint function = memUtils.Read<uint>((IntPtr)(m_iVirtualTable + 2 * 0x04));
if (function != 0xFFFFFFFF)
return memUtils.Read<int>((IntPtr)(function + 0x01));
else
return -1;
}
static void LocalPlayer(MemUtils memUtils)
{
scan = memUtils.PerformSignatureScan(new byte[] { 0x8D, 0x34, 0x85, 0x00, 0x00, 0x00, 0x00, 0x89, 0x15, 0x00, 0x00, 0x00, 0x00, 0x8B, 0x41, 0x08, 0x8B, 0x48 }, "xxx????xx????xxxxx", clientDll);
if (scan.Success)
{
int tmp = memUtils.Read <int>((IntPtr)(scan.Address.ToInt32() + 3));
byte tmp2 = memUtils.Read <byte>((IntPtr)(scan.Address.ToInt32() + 18));
CSGOOffsets.Misc.LocalPlayer = tmp + tmp2 - clientDllBase;
}
}
static void EntityOff(MemUtils memUtils)
{
scan = memUtils.PerformSignatureScan(new byte[] { 0x05, 0x00, 0x00, 0x00, 0x00, 0xC1, 0xe9, 0x00, 0x39, 0x48, 0x04 }, "x????xx?xxx", clientDll);
if (scan.Success)
{
int tmp = memUtils.Read <int>((IntPtr)(scan.Address.ToInt32() + 1));
byte tmp2 = memUtils.Read <byte>((IntPtr)(scan.Address.ToInt32() + 7));
CSGOOffsets.Misc.EntityList = tmp + tmp2 - clientDllBase;
}
}
/// <summary>
/// Initializes a new PEInfo using the given baseaddress of a module
/// </summary>
/// <param name="baseAddress"></param>
/// <param name="memUtils">Instance of MemUtils to use in order to read data</param>
public PEInfo(IntPtr baseAddress, MemUtils memUtils)
{
MemUtils = memUtils;
DOSHeader = MemUtils.Read<DOSHeader>(baseAddress);
COFFHeaderAddress = new IntPtr(baseAddress.ToInt64() + DOSHeader.e_lfanew + 4);
COFFHeader = MemUtils.Read<COFFHeader>(COFFHeaderAddress);
PEOptHeaderAddress = new IntPtr(COFFHeaderAddress.ToInt64() + Marshal.SizeOf(typeof(COFFHeader)));
PEOptHeader = MemUtils.Read<PEOptHeader>(PEOptHeaderAddress);
}
public int GetClassID(MemUtils memUtils)
{
int clientClass = GetClientClass(memUtils);
if (clientClass != -1)
return memUtils.Read<int>((IntPtr)(clientClass + 20));
return clientClass;
}
/// <summary>
/// Parses a module from memory
/// </summary>
/// <param name="baseAddress">The address of the module to be parsed</param>
/// <param name="length">The size of the module to be parsed</param>
/// <param name="memUtils">MemUtils-instance that is used to dump the module</param>
/// <returns></returns>
public static PEInfo FromMemory(IntPtr baseAddress, int length, MemUtils memUtils)
{
var data = new byte[length];
memUtils.Read(baseAddress, out data, length);
return(new PEInfo(data));
}
static void SetViewAngles(MemUtils memUtils)
{
scan = memUtils.PerformSignatureScan(new byte[] { 0x8B, 0x15, 0x00, 0x00, 0x00, 0x00, 0x8B, 0x4D, 0x08, 0x8B, 0x82, 0x00, 0x00, 0x00, 0x00, 0x89, 0x01, 0x8B, 0x82, 0x00, 0x00, 0x00, 0x00, 0x89, 0x41, 0x04 }, "xx????xxxxx????xxxx????xxx", engineDll);
if (scan.Success)
{
int tmp = memUtils.Read <int>((IntPtr)(scan.Address.ToInt32() + 11));
CSGOOffsets.ClientState.m_dwViewAngles = tmp;
}
}
static void ClientState(MemUtils memUtils)
{
scan = memUtils.PerformSignatureScan(new byte[] { 0xC2, 0x00, 0x00, 0xCC, 0xCC, 0x8B, 0x0D, 0x00, 0x00, 0x00, 0x00, 0x33, 0xC0, 0x83, 0xB9 }, "x??xxxx????xxxx", engineDll);
if (scan.Success)
{
int tmp = memUtils.Read <int>((IntPtr)(scan.Address.ToInt32() + 7));
CSGOOffsets.ClientState.Base = tmp - engineDllBase;
}
}
static void Jump(MemUtils memUtils)
{
scan = memUtils.PerformSignatureScan(new byte[] { 0x89, 0x15, 0x00, 0x00, 0x00, 0x00, 0x8B, 0x15, 0x00, 0x00, 0x00, 0x00, 0xF6, 0xC2, 0x03, 0x74, 0x03, 0x83, 0xCE, 0x08, 0xA8, 0x08, 0xBF }, "xx????xx????xxxxxxxxxxx", clientDll);
if (scan.Success)
{
int tmp = memUtils.Read <int>((IntPtr)(scan.Address.ToInt32() + 2));
CSGOOffsets.Misc.Jump = tmp - clientDllBase;
}
}
static void GlowManager(MemUtils memUtils)
{
scan = memUtils.PerformSignatureScan(new byte[] { 0x8D, 0x8F, 0x00, 0x00, 0x00, 0x00, 0xA1, 0x00, 0x00, 0x00, 0x00, 0xC7, 0x04, 0x02, 0x00, 0x00, 0x00, 0x00, 0x89, 0x35, 0x00, 0x00, 0x00, 0x00, 0x8B, 0x51 }, "xx????x????xxx????xx????xx", clientDll);
if (scan.Success)
{
int tmp = memUtils.Read <int>((IntPtr)(scan.Address.ToInt32() + 7));
CSGOOffsets.Misc.GlowManager = tmp - clientDllBase;
}
}
static void WeaponTable(MemUtils memUtils)
{
scan = memUtils.PerformSignatureScan(new byte[] { 0xA1, 0x00, 0x00, 0x00, 0x00, 0x0F, 0xB7, 0xC9, 0x03, 0xC9, 0x8B, 0x44, 0x00, 0x0C, 0xC3 }, "x????xxxxxxx?xx", clientDll);
if (scan.Success)
{
int tmp = memUtils.Read <int>((IntPtr)(scan.Address.ToInt32() + 1));
CSGOOffsets.Misc.WeaponTable = tmp - clientDllBase;
}
}
static void ClientState(MemUtils memUtils)
{
scan = memUtils.PerformSignatureScan(new byte[] { 0xC2, 0x00, 0x00, 0xCC, 0xCC, 0x8B, 0x0D, 0x00, 0x00, 0x00, 0x00, 0x33, 0xC0, 0x83, 0xB9 }, "x??xxxx????xxxx", engineDll);
if (scan.Success)
{
int tmp = memUtils.Read<int>((IntPtr)(scan.Address.ToInt32() + 7));
CSGOOffsets.ClientState.Base = tmp - engineDllBase;
}
}
public CSGOWeapon GetActiveWeapon(MemUtils memUtils)
{
if (this.m_hActiveWeapon == 0xFFFFFFFF)
return new CSGOWeapon() { m_iItemDefinitionIndex = 0, m_iWeaponID = 0 };
uint handle = this.m_hActiveWeapon & 0xFFF;
int weapAddress = 0;// Program.entityAddresses[handle - 1];
return memUtils.Read<CSGOWeapon>((IntPtr)weapAddress);
}
public string GetName(MemUtils memUtils)
{
int clientClass = GetClientClass(memUtils);
if (clientClass != -1)
{
int ptr = memUtils.Read<int>((IntPtr)(GetClassID(memUtils) + 8));
return memUtils.ReadString((IntPtr)(ptr + 8), 32, Encoding.ASCII);
}
return "none";
}
/// <summary>
/// Reads the Export Address Table (EAT) of this module from live memory
/// </summary>
/// <param name="memUtils">MemUtils-instance that is used to read data</param>
/// <param name="imageBase">Base-address pf this module in memory</param>
/// <param name="ied">The _IMAGE_EXPORT_DIRECTORY of this module</param>
/// <returns></returns>
public Tuple <string, int>[] ReadExportedFunctions(MemUtils memUtils, IntPtr imageBase, _IMAGE_EXPORT_DIRECTORY ied)
{
List <Tuple <string, int> > functions = new List <Tuple <string, int> >();
IntPtr lpFunctions = (IntPtr)(imageBase.ToInt64() + ied.AddressOfFunctions);
IntPtr lpNames = (IntPtr)(imageBase.ToInt64() + ied.AddressOfNames);
for (int i = 0; i < ied.NumberOfFunctions; i++)
{
int address = memUtils.Read <int>((IntPtr)(lpFunctions.ToInt64() + i * 4));
string name = "?";
if (lpFunctions != lpNames)
{
int nameAddress = memUtils.Read <int>((IntPtr)(lpNames.ToInt64() + i * 4));
name = memUtils.ReadString((IntPtr)(imageBase.ToInt64() + nameAddress), 64, Encoding.ASCII);
}
functions.Add(new Tuple <string, int>(name, address));
}
return(functions.ToArray());
}
static void SignOnState(MemUtils memUtils)
{
scan = memUtils.PerformSignatureScan(
new byte[] { 0x51, 0xA1, 0x00, 0x00, 0x00, 0x00, 0x8B, 0x51, 0x00, 0x83, 0xB8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7C, 0x40, 0x3B, 0xD1 },
"xx????xx?xx?????xxxx", engineDll);
if (scan.Success)
{
int tmp = memUtils.Read <int>((IntPtr)(scan.Address.ToInt32() + 11));
CSGOOffsets.Misc.SignOnState = tmp;
}
}
static void PlayerWeaponHandle(MemUtils memUtils)
{
scan = memUtils.PerformSignatureScan(
new byte[] { 0x0F, 0x45, 0xF7, 0x5F, 0x8B, 0x8E, 0x00, 0x00, 0x00, 0x00, 0x5E, 0x83, 0xF9, 0xFF },
"xxxxxx????xxxx", clientDll);
if (scan.Success)
{
int tmp = memUtils.Read <int>((IntPtr)(scan.Address.ToInt32() + 6));
CSGOOffsets.NetVars.C_CSPlayer.m_hActiveWeapon = tmp;
}
}
static void EntityID(MemUtils memUtils)
{
scan = memUtils.PerformSignatureScan(
new byte[] { 0x74, 0x72, 0x80, 0x79, 0x00, 0x00, 0x8B, 0x56, 0x00, 0x89, 0x55, 0x00, 0x74, 0x17 },
"xxxx??xx?xx?xx", clientDll);
if (scan.Success)
{
byte tmp = memUtils.Read<byte>((IntPtr)(scan.Address.ToInt32() + 8));
CSGOOffsets.NetVars.C_BaseEntity.m_iID = tmp;
}
}
static void PlayerTeamNum(MemUtils memUtils)
{
scan = memUtils.PerformSignatureScan(
new byte[] { 0xCC, 0xCC, 0xCC, 0x8B, 0x89, 0x00, 0x00, 0x00, 0x00, 0xE9, 0x00, 0x00, 0x00, 0x00, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0x8B, 0x81, 0x00, 0x00, 0x00, 0x00, 0xC3, 0xCC, 0xCC },
"xxxxx????x????xxxxxxx????xxx", clientDll);
if (scan.Success)
{
int tmp = memUtils.Read <int>((IntPtr)(scan.Address.ToInt32() + 5));
CSGOOffsets.NetVars.C_BaseEntity.m_iTeamNum = tmp;
}
}
static void PlayerBoneMatrix(MemUtils memUtils)
{
scan = memUtils.PerformSignatureScan(
new byte[] { 0x83, 0x3C, 0xB0, 0xFF, 0x75, 0x15, 0x8B, 0x87, 0x00, 0x00, 0x00, 0x00, 0x8B, 0xCF, 0x8B, 0x17, 0x03, 0x44, 0x24, 0x0C, 0x50 },
"xxxxxxxx????xxxxxxxxx", clientDll);
if (scan.Success)
{
int tmp = memUtils.Read <int>((IntPtr)(scan.Address.ToInt32() + 8));
CSGOOffsets.NetVars.C_CSPlayer.m_hBoneMatrix = tmp;
}
}
static void EntityVecOrigin(MemUtils memUtils)
{
scan = memUtils.PerformSignatureScan(
new byte[] { 0x8A, 0x0E, 0x80, 0xE1, 0xFC, 0x0A, 0xC8, 0x88, 0x0E, 0xF3, 0x00, 0x00, 0x87, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x87, 0x00, 0x00, 0x00, 0x00, 0x9F },
"xxxxxxxxxx??x??????x????x", clientDll);
if (scan.Success)
{
int tmp = memUtils.Read <int>((IntPtr)(scan.Address.ToInt32() + 13));
CSGOOffsets.NetVars.C_BaseEntity.m_vecOrigin = tmp;
}
}
static void EntityHealth(MemUtils memUtils)
{
scan = memUtils.PerformSignatureScan(
new byte[] { 0x8B, 0x41, 0x00, 0x89, 0x41, 0x00, 0x8B, 0x41, 0x00, 0x89, 0x41, 0x00, 0x8B, 0x41, 0x00, 0x89, 0x41, 0x00, 0x8B, 0x4F, 0x00, 0x83, 0xB9, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7F, 0x2E },
"xx?xx?xx?xx?xx?xx?xx?xx????xxx", clientDll);
if (scan.Success)
{
int tmp = memUtils.Read <int>((IntPtr)(scan.Address.ToInt32() + 23));
CSGOOffsets.NetVars.C_BaseEntity.m_iHealth = tmp;
}
}
static void EntityID(MemUtils memUtils)
{
scan = memUtils.PerformSignatureScan(
new byte[] { 0x74, 0x72, 0x80, 0x79, 0x00, 0x00, 0x8B, 0x56, 0x00, 0x89, 0x55, 0x00, 0x74, 0x17 },
"xxxx??xx?xx?xx", clientDll);
if (scan.Success)
{
byte tmp = memUtils.Read <byte>((IntPtr)(scan.Address.ToInt32() + 8));
CSGOOffsets.NetVars.C_BaseEntity.m_iID = tmp;
}
}
static void EntityHealth(MemUtils memUtils)
{
scan = memUtils.PerformSignatureScan(
new byte[] { 0x8B, 0x41, 0x00, 0x89, 0x41, 0x00, 0x8B, 0x41, 0x00, 0x89, 0x41, 0x00, 0x8B, 0x41, 0x00, 0x89, 0x41, 0x00, 0x8B, 0x4F, 0x00, 0x83, 0xB9, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7F, 0x2E },
"xx?xx?xx?xx?xx?xx?xx?xx????xxx", clientDll);
if (scan.Success)
{
int tmp = memUtils.Read<int>((IntPtr)(scan.Address.ToInt32() + 23));
CSGOOffsets.NetVars.C_BaseEntity.m_iHealth = tmp;
}
}
private static void GameResources(MemUtils memUtils)
{
scan = memUtils.PerformSignatureScan(new byte[] {
0x89, 0x4D, 0xF4, //mov [ebp-0C],ecx
0x8B, 0x0D, 0x00, 0x00, 0x00, 0x00, //mov ecx,[engine.dll+xxxx]
0x53, //push ebx
0x56, //push esi
0x57, //push edi
0x8B, 0x01
}, "xxxxx????xxxxx", engineDll);
if (scan.Success)
{
int address, pointer, offset;
pointer = memUtils.Read <int>((IntPtr)(scan.Address.ToInt32() + 5)) - engineDllBase;
scan = memUtils.PerformSignatureScan(new byte[] {
0xCC, //int 3
0xCC, //int 3
0x55, //push ebp
0x8B, 0xEC, //mov ebp,esp
0x8B, 0x45, 0x08, //mov eax,[ebp+08]
0x8B, 0x44, 0xC1, 0x00, //mov eax,[acx+eax*8+xx]
0x5D, //pop ebp
0xC2, 0x00, 0x00, //ret 0004
0xCC, //int 3
0xCC
}, "xxxxxxxxxxx?xx??xx", clientDll);
if (scan.Success)
{
offset = memUtils.Read <byte>((IntPtr)(scan.Address.ToInt32() + 11));
address = memUtils.Read <int>((IntPtr)(engineDllBase + pointer));
address = address + 0x46 * 8 + offset;
address -= clientDllBase;
CSGOOffsets.GameResources.Base = address;
}
}
}
static void vMatrix(MemUtils memUtils)
{
scan = memUtils.PerformSignatureScan(new byte[] {
0x53, 0x8B, 0xDC, 0x83, 0xEC, 0x08, 0x83, 0xE4,
0xF0, 0x83, 0xC4, 0x04, 0x55, 0x8B, 0x6B, 0x04,
0x89, 0x6C, 0x24, 0x04, 0x8B, 0xEC, 0xA1, 0x00,
0x00, 0x00, 0x00, 0x81, 0xEC, 0x98, 0x03, 0x00,
0x00
}, "xxxxxxxxxxxxxxxxxxxxxxx????xxxxxx", clientDll);
if (scan.Success)
{
int address = memUtils.Read <int>((IntPtr)(scan.Address.ToInt32() + +0x4EE));
address -= clientDllBase;
address += 0x80;
CSGOOffsets.Misc.ViewMatrix = address;
}
}
static void SignOnState(MemUtils memUtils)
{
scan = memUtils.PerformSignatureScan(
new byte[] { 0x51, 0xA1, 0x00, 0x00, 0x00, 0x00, 0x8B, 0x51, 0x00, 0x83, 0xB8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7C, 0x40, 0x3B, 0xD1 },
"xx????xx?xx?????xxxx", engineDll);
if (scan.Success)
{
int tmp = memUtils.Read<int>((IntPtr)(scan.Address.ToInt32() + 11));
CSGOOffsets.Misc.SignOnState = tmp;
}
}
static void PlayerWeaponHandle(MemUtils memUtils)
{
scan = memUtils.PerformSignatureScan(
new byte[] { 0x0F, 0x45, 0xF7, 0x5F, 0x8B, 0x8E, 0x00, 0x00, 0x00, 0x00, 0x5E, 0x83, 0xF9, 0xFF },
"xxxxxx????xxxx", clientDll);
if (scan.Success)
{
int tmp = memUtils.Read<int>((IntPtr)(scan.Address.ToInt32() + 6));
CSGOOffsets.NetVars.C_CSPlayer.m_hActiveWeapon = tmp;
}
}
static void SetViewAngles(MemUtils memUtils)
{
scan = memUtils.PerformSignatureScan(new byte[] { 0x8B, 0x15, 0x00, 0x00, 0x00, 0x00, 0x8B, 0x4D, 0x08, 0x8B, 0x82, 0x00, 0x00, 0x00, 0x00, 0x89, 0x01, 0x8B, 0x82, 0x00, 0x00, 0x00, 0x00, 0x89, 0x41, 0x04 }, "xx????xxxxx????xxxx????xxx", engineDll);
if (scan.Success)
{
int tmp = memUtils.Read<int>((IntPtr)(scan.Address.ToInt32() + 11));
CSGOOffsets.ClientState.m_dwViewAngles = tmp;
}
}
public virtual void ReadValue(int baseAddress, MemUtils memUtils)
{
this.Value = memUtils.Read <T>((IntPtr)(baseAddress + this.Offset));
this.ValueRead = true;
}
/// <summary>
/// Reads the _IMAGE_EXPORT_DIRECTORY of this module from live memory
/// </summary>
/// <param name="memUtils">MemUtils-instance that is used to read data</param>
/// <param name="imageBase">Base-address pf this module in memory</param>
/// <returns></returns>
public _IMAGE_EXPORT_DIRECTORY ReadImageExportDirectory(MemUtils memUtils, IntPtr imageBase)
{
return memUtils.Read<_IMAGE_EXPORT_DIRECTORY>((IntPtr)(imageBase.ToInt64() + this.PEOptHeader.DataDirectory1.VirtualAddress));
}
private static void PlayerTeamNum(MemUtils memUtils)
{
_scan = memUtils.PerformSignatureScan(
new byte[]
{
0xCC, 0xCC, 0xCC, 0x8B, 0x89, 0x00, 0x00, 0x00, 0x00, 0xE9, 0x00, 0x00, 0x00, 0x00, 0xCC, 0xCC, 0xCC,
0xCC, 0xCC, 0x8B, 0x81, 0x00, 0x00, 0x00, 0x00, 0xC3, 0xCC, 0xCC
},
"xxxxx????x????xxxxxxx????xxx", _clientDll);
if (_scan.Success)
{
var tmp = memUtils.Read<int>((IntPtr) (_scan.Address.ToInt32() + 5));
Offsets.NetVars.CBaseEntity.TeamNum = tmp;
}
}
static void EntityVecOrigin(MemUtils memUtils)
{
scan = memUtils.PerformSignatureScan(
new byte[] { 0x8A, 0x0E, 0x80, 0xE1, 0xFC, 0x0A, 0xC8, 0x88, 0x0E, 0xF3, 0x00, 0x00, 0x87, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x87, 0x00, 0x00, 0x00, 0x00, 0x9F },
"xxxxxxxxxx??x??????x????x", clientDll);
if (scan.Success)
{
int tmp = memUtils.Read<int>((IntPtr)(scan.Address.ToInt32() + 13));
CSGOOffsets.NetVars.C_BaseEntity.m_vecOrigin = tmp;
}
}
private static void EntityHealth(MemUtils memUtils)
{
_scan = memUtils.PerformSignatureScan(
new byte[]
{
0x8B, 0x41, 0x00, 0x89, 0x41, 0x00, 0x8B, 0x41, 0x00, 0x89, 0x41, 0x00, 0x8B, 0x41, 0x00, 0x89, 0x41,
0x00, 0x8B, 0x4F, 0x00, 0x83, 0xB9, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7F, 0x2E
},
"xx?xx?xx?xx?xx?xx?xx?xx????xxx", _clientDll);
if (_scan.Success)
{
var tmp = memUtils.Read<int>((IntPtr) (_scan.Address.ToInt32() + 23));
Offsets.NetVars.CBaseEntity.Health = tmp;
}
}
/// <summary>
/// Reads the Export Address Table (EAT) of this module from live memory
/// </summary>
/// <param name="memUtils">MemUtils-instance that is used to read data</param>
/// <param name="imageBase">Base-address pf this module in memory</param>
/// <param name="ied">The _IMAGE_EXPORT_DIRECTORY of this module</param>
/// <returns></returns>
public Tuple<string, int>[] ReadExportedFunctions(MemUtils memUtils, IntPtr imageBase, _IMAGE_EXPORT_DIRECTORY ied)
{
List<Tuple<string, int>> functions = new List<Tuple<string, int>>();
IntPtr lpFunctions = (IntPtr)(imageBase.ToInt64() + ied.AddressOfFunctions);
IntPtr lpNames = (IntPtr)(imageBase.ToInt64() + ied.AddressOfNames);
for (int i = 0; i < ied.NumberOfFunctions; i++)
{
int address = memUtils.Read<int>((IntPtr)(lpFunctions.ToInt64() + i * 4));
string name = "?";
if (lpFunctions != lpNames)
{
int nameAddress = memUtils.Read<int>((IntPtr)(lpNames.ToInt64() + i * 4));
name = memUtils.ReadString((IntPtr)(imageBase.ToInt64() + nameAddress), 64, Encoding.ASCII);
}
functions.Add(new Tuple<string, int>(name, address));
}
return functions.ToArray();
}
static void vMatrix(MemUtils memUtils)
{
scan = memUtils.PerformSignatureScan(new byte[] {
0x53, 0x8B, 0xDC, 0x83, 0xEC, 0x08, 0x83, 0xE4,
0xF0, 0x83, 0xC4, 0x04, 0x55, 0x8B, 0x6B, 0x04,
0x89, 0x6C, 0x24, 0x04, 0x8B, 0xEC, 0xA1, 0x00,
0x00, 0x00, 0x00, 0x81, 0xEC, 0x98, 0x03, 0x00,
0x00 }, "xxxxxxxxxxxxxxxxxxxxxxx????xxxxxx", clientDll);
if (scan.Success)
{
int address = memUtils.Read<int>((IntPtr)(scan.Address.ToInt32() + +0x4EE));
address -= clientDllBase;
address += 0x80;
CSGOOffsets.Misc.ViewMatrix = address;
}
}
static void WeaponTable(MemUtils memUtils)
{
scan = memUtils.PerformSignatureScan(new byte[] { 0xA1, 0x00, 0x00, 0x00, 0x00, 0x0F, 0xB7, 0xC9, 0x03, 0xC9, 0x8B, 0x44, 0x00, 0x0C, 0xC3 }, "x????xxxxxxx?xx", clientDll);
if (scan.Success)
{
int tmp = memUtils.Read<int>((IntPtr)(scan.Address.ToInt32() + 1));
CSGOOffsets.Misc.WeaponTable = tmp - clientDllBase;
}
}
private static void GameResources(MemUtils memUtils)
{
scan = memUtils.PerformSignatureScan(new byte[]{
0x89, 0x4D, 0xF4, //mov [ebp-0C],ecx
0x8B, 0x0D, 0x00, 0x00, 0x00, 0x00, //mov ecx,[engine.dll+xxxx]
0x53, //push ebx
0x56, //push esi
0x57, //push edi
0x8B, 0x01 }, "xxxxx????xxxxx", engineDll);
if (scan.Success)
{
int address, pointer, offset;
pointer = memUtils.Read<int>((IntPtr)(scan.Address.ToInt32() + 5)) - engineDllBase;
scan = memUtils.PerformSignatureScan(new byte[] {
0xCC, //int 3
0xCC, //int 3
0x55, //push ebp
0x8B, 0xEC, //mov ebp,esp
0x8B, 0x45, 0x08, //mov eax,[ebp+08]
0x8B, 0x44, 0xC1, 0x00, //mov eax,[acx+eax*8+xx]
0x5D, //pop ebp
0xC2, 0x00, 0x00, //ret 0004
0xCC, //int 3
0xCC }, "xxxxxxxxxxx?xx??xx", clientDll);
if (scan.Success)
{
offset = memUtils.Read<byte>((IntPtr)(scan.Address.ToInt32() + 11));
address = memUtils.Read<int>((IntPtr)(engineDllBase + pointer));
address = address + 0x46 * 8 + offset;
address -= clientDllBase;
CSGOOffsets.GameResources.Base = address;
}
}
}
static void GlowManager(MemUtils memUtils)
{
scan = memUtils.PerformSignatureScan(new byte[] { 0x8D, 0x8F, 0x00, 0x00, 0x00, 0x00, 0xA1, 0x00, 0x00, 0x00, 0x00, 0xC7, 0x04, 0x02, 0x00, 0x00, 0x00, 0x00, 0x89, 0x35, 0x00, 0x00, 0x00, 0x00, 0x8B, 0x51 }, "xx????x????xxx????xx????xx", clientDll);
if (scan.Success)
{
int tmp = memUtils.Read<int>((IntPtr)(scan.Address.ToInt32() + 7));
CSGOOffsets.Misc.GlowManager = tmp - clientDllBase;
}
}
static void Jump(MemUtils memUtils)
{
scan = memUtils.PerformSignatureScan(new byte[] { 0x89, 0x15, 0x00, 0x00, 0x00, 0x00, 0x8B, 0x15, 0x00, 0x00, 0x00, 0x00, 0xF6, 0xC2, 0x03, 0x74, 0x03, 0x83, 0xCE, 0x08, 0xA8, 0x08, 0xBF }, "xx????xx????xxxxxxxxxxx", clientDll);
if (scan.Success)
{
int tmp = memUtils.Read<int>((IntPtr)(scan.Address.ToInt32() + 2));
CSGOOffsets.Misc.Jump = tmp - clientDllBase;
}
}
static void EntityOff(MemUtils memUtils)
{
scan = memUtils.PerformSignatureScan(new byte[] { 0x05, 0x00, 0x00, 0x00, 0x00, 0xC1, 0xe9, 0x00, 0x39, 0x48, 0x04 }, "x????xx?xxx", clientDll);
if (scan.Success)
{
int tmp = memUtils.Read<int>((IntPtr)(scan.Address.ToInt32() + 1));
byte tmp2 = memUtils.Read<byte>((IntPtr)(scan.Address.ToInt32() + 7));
CSGOOffsets.Misc.EntityList = tmp + tmp2 - clientDllBase;
}
}
static void LocalPlayer(MemUtils memUtils)
{
scan = memUtils.PerformSignatureScan(new byte[] { 0x8D, 0x34, 0x85, 0x00, 0x00, 0x00, 0x00, 0x89, 0x15, 0x00, 0x00, 0x00, 0x00, 0x8B, 0x41, 0x08, 0x8B, 0x48 }, "xxx????xx????xxxxx", clientDll);
if (scan.Success)
{
int tmp = memUtils.Read<int>((IntPtr)(scan.Address.ToInt32() + 3));
byte tmp2 = memUtils.Read<byte>((IntPtr)(scan.Address.ToInt32() + 18));
CSGOOffsets.Misc.LocalPlayer = tmp + tmp2 - clientDllBase;
}
}
private static void PlayerWeaponHandle(MemUtils memUtils)
{
_scan = memUtils.PerformSignatureScan(
new byte[] {0x0F, 0x45, 0xF7, 0x5F, 0x8B, 0x8E, 0x00, 0x00, 0x00, 0x00, 0x5E, 0x83, 0xF9, 0xFF},
"xxxxxx????xxxx", _clientDll);
if (_scan.Success)
{
var tmp = memUtils.Read<int>((IntPtr) (_scan.Address.ToInt32() + 6));
Offsets.NetVars.CCsPlayer.ActiveWeapon = tmp;
}
}
static void PlayerBoneMatrix(MemUtils memUtils)
{
scan = memUtils.PerformSignatureScan(
new byte[] { 0x83, 0x3C, 0xB0, 0xFF, 0x75, 0x15, 0x8B, 0x87, 0x00, 0x00, 0x00, 0x00, 0x8B, 0xCF, 0x8B, 0x17, 0x03, 0x44, 0x24, 0x0C, 0x50 },
"xxxxxxxx????xxxxxxxxx", clientDll);
if (scan.Success)
{
int tmp = memUtils.Read<int>((IntPtr)(scan.Address.ToInt32() + 8));
CSGOOffsets.NetVars.C_CSPlayer.m_hBoneMatrix = tmp;
}
}
/// <summary>
/// Reads the _IMAGE_EXPORT_DIRECTORY of this module from live memory
/// </summary>
/// <param name="memUtils">MemUtils-instance that is used to read data</param>
/// <param name="imageBase">Base-address pf this module in memory</param>
/// <returns></returns>
public _IMAGE_EXPORT_DIRECTORY ReadImageExportDirectory(MemUtils memUtils, IntPtr imageBase)
{
return(memUtils.Read <_IMAGE_EXPORT_DIRECTORY>((IntPtr)(imageBase.ToInt64() + this.PEOptHeader.DataDirectory1.VirtualAddress)));
}
static void PlayerTeamNum(MemUtils memUtils)
{
scan = memUtils.PerformSignatureScan(
new byte[] { 0xCC, 0xCC, 0xCC, 0x8B, 0x89, 0x00, 0x00, 0x00, 0x00, 0xE9, 0x00, 0x00, 0x00, 0x00, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0x8B, 0x81, 0x00, 0x00, 0x00, 0x00, 0xC3, 0xCC, 0xCC },
"xxxxx????x????xxxxxxx????xxx", clientDll);
if (scan.Success)
{
int tmp = memUtils.Read<int>((IntPtr)(scan.Address.ToInt32() + 5));
CSGOOffsets.NetVars.C_BaseEntity.m_iTeamNum = tmp;
}
}
private static void EntityId(MemUtils memUtils)
{
_scan = memUtils.PerformSignatureScan(
new byte[] {0x74, 0x72, 0x80, 0x79, 0x00, 0x00, 0x8B, 0x56, 0x00, 0x89, 0x55, 0x00, 0x74, 0x17},
"xxxx??xx?xx?xx", _clientDll);
if (_scan.Success)
{
var tmp = memUtils.Read<byte>((IntPtr) (_scan.Address.ToInt32() + 8));
Offsets.NetVars.CBaseEntity.Id = tmp;
}
}
/// <summary>
/// Parses a module from memory
/// </summary>
/// <param name="baseAddress">The address of the module to be parsed</param>
/// <param name="length">The size of the module to be parsed</param>
/// <param name="memUtils">MemUtils-instance that is used to dump the module</param>
/// <returns></returns>
public static PEInfo FromMemory(IntPtr baseAddress, int length, MemUtils memUtils)
{
byte[] data = new byte[length];
memUtils.Read(baseAddress, out data, length);
return new PEInfo(data);
}
