public int GetClientClass(MemUtils memUtils) { uint function = memUtils.Read<uint>((IntPtr)(m_iVirtualTable + 2 * 0x04)); if (function != 0xFFFFFFFF) return memUtils.Read<int>((IntPtr)(function + 0x01)); else return -1; }
static void LocalPlayer(MemUtils memUtils) { scan = memUtils.PerformSignatureScan(new byte[] { 0x8D, 0x34, 0x85, 0x00, 0x00, 0x00, 0x00, 0x89, 0x15, 0x00, 0x00, 0x00, 0x00, 0x8B, 0x41, 0x08, 0x8B, 0x48 }, "xxx????xx????xxxxx", clientDll); if (scan.Success) { int tmp = memUtils.Read <int>((IntPtr)(scan.Address.ToInt32() + 3)); byte tmp2 = memUtils.Read <byte>((IntPtr)(scan.Address.ToInt32() + 18)); CSGOOffsets.Misc.LocalPlayer = tmp + tmp2 - clientDllBase; } }
static void EntityOff(MemUtils memUtils) { scan = memUtils.PerformSignatureScan(new byte[] { 0x05, 0x00, 0x00, 0x00, 0x00, 0xC1, 0xe9, 0x00, 0x39, 0x48, 0x04 }, "x????xx?xxx", clientDll); if (scan.Success) { int tmp = memUtils.Read <int>((IntPtr)(scan.Address.ToInt32() + 1)); byte tmp2 = memUtils.Read <byte>((IntPtr)(scan.Address.ToInt32() + 7)); CSGOOffsets.Misc.EntityList = tmp + tmp2 - clientDllBase; } }
/// <summary> /// Initializes a new PEInfo using the given baseaddress of a module /// </summary> /// <param name="baseAddress"></param> /// <param name="memUtils">Instance of MemUtils to use in order to read data</param> public PEInfo(IntPtr baseAddress, MemUtils memUtils) { MemUtils = memUtils; DOSHeader = MemUtils.Read<DOSHeader>(baseAddress); COFFHeaderAddress = new IntPtr(baseAddress.ToInt64() + DOSHeader.e_lfanew + 4); COFFHeader = MemUtils.Read<COFFHeader>(COFFHeaderAddress); PEOptHeaderAddress = new IntPtr(COFFHeaderAddress.ToInt64() + Marshal.SizeOf(typeof(COFFHeader))); PEOptHeader = MemUtils.Read<PEOptHeader>(PEOptHeaderAddress); }
public int GetClassID(MemUtils memUtils) { int clientClass = GetClientClass(memUtils); if (clientClass != -1) return memUtils.Read<int>((IntPtr)(clientClass + 20)); return clientClass; }
/// <summary> /// Parses a module from memory /// </summary> /// <param name="baseAddress">The address of the module to be parsed</param> /// <param name="length">The size of the module to be parsed</param> /// <param name="memUtils">MemUtils-instance that is used to dump the module</param> /// <returns></returns> public static PEInfo FromMemory(IntPtr baseAddress, int length, MemUtils memUtils) { var data = new byte[length]; memUtils.Read(baseAddress, out data, length); return(new PEInfo(data)); }
static void SetViewAngles(MemUtils memUtils) { scan = memUtils.PerformSignatureScan(new byte[] { 0x8B, 0x15, 0x00, 0x00, 0x00, 0x00, 0x8B, 0x4D, 0x08, 0x8B, 0x82, 0x00, 0x00, 0x00, 0x00, 0x89, 0x01, 0x8B, 0x82, 0x00, 0x00, 0x00, 0x00, 0x89, 0x41, 0x04 }, "xx????xxxxx????xxxx????xxx", engineDll); if (scan.Success) { int tmp = memUtils.Read <int>((IntPtr)(scan.Address.ToInt32() + 11)); CSGOOffsets.ClientState.m_dwViewAngles = tmp; } }
static void ClientState(MemUtils memUtils) { scan = memUtils.PerformSignatureScan(new byte[] { 0xC2, 0x00, 0x00, 0xCC, 0xCC, 0x8B, 0x0D, 0x00, 0x00, 0x00, 0x00, 0x33, 0xC0, 0x83, 0xB9 }, "x??xxxx????xxxx", engineDll); if (scan.Success) { int tmp = memUtils.Read <int>((IntPtr)(scan.Address.ToInt32() + 7)); CSGOOffsets.ClientState.Base = tmp - engineDllBase; } }
static void Jump(MemUtils memUtils) { scan = memUtils.PerformSignatureScan(new byte[] { 0x89, 0x15, 0x00, 0x00, 0x00, 0x00, 0x8B, 0x15, 0x00, 0x00, 0x00, 0x00, 0xF6, 0xC2, 0x03, 0x74, 0x03, 0x83, 0xCE, 0x08, 0xA8, 0x08, 0xBF }, "xx????xx????xxxxxxxxxxx", clientDll); if (scan.Success) { int tmp = memUtils.Read <int>((IntPtr)(scan.Address.ToInt32() + 2)); CSGOOffsets.Misc.Jump = tmp - clientDllBase; } }
static void GlowManager(MemUtils memUtils) { scan = memUtils.PerformSignatureScan(new byte[] { 0x8D, 0x8F, 0x00, 0x00, 0x00, 0x00, 0xA1, 0x00, 0x00, 0x00, 0x00, 0xC7, 0x04, 0x02, 0x00, 0x00, 0x00, 0x00, 0x89, 0x35, 0x00, 0x00, 0x00, 0x00, 0x8B, 0x51 }, "xx????x????xxx????xx????xx", clientDll); if (scan.Success) { int tmp = memUtils.Read <int>((IntPtr)(scan.Address.ToInt32() + 7)); CSGOOffsets.Misc.GlowManager = tmp - clientDllBase; } }
static void WeaponTable(MemUtils memUtils) { scan = memUtils.PerformSignatureScan(new byte[] { 0xA1, 0x00, 0x00, 0x00, 0x00, 0x0F, 0xB7, 0xC9, 0x03, 0xC9, 0x8B, 0x44, 0x00, 0x0C, 0xC3 }, "x????xxxxxxx?xx", clientDll); if (scan.Success) { int tmp = memUtils.Read <int>((IntPtr)(scan.Address.ToInt32() + 1)); CSGOOffsets.Misc.WeaponTable = tmp - clientDllBase; } }
static void ClientState(MemUtils memUtils) { scan = memUtils.PerformSignatureScan(new byte[] { 0xC2, 0x00, 0x00, 0xCC, 0xCC, 0x8B, 0x0D, 0x00, 0x00, 0x00, 0x00, 0x33, 0xC0, 0x83, 0xB9 }, "x??xxxx????xxxx", engineDll); if (scan.Success) { int tmp = memUtils.Read<int>((IntPtr)(scan.Address.ToInt32() + 7)); CSGOOffsets.ClientState.Base = tmp - engineDllBase; } }
public CSGOWeapon GetActiveWeapon(MemUtils memUtils) { if (this.m_hActiveWeapon == 0xFFFFFFFF) return new CSGOWeapon() { m_iItemDefinitionIndex = 0, m_iWeaponID = 0 }; uint handle = this.m_hActiveWeapon & 0xFFF; int weapAddress = 0;// Program.entityAddresses[handle - 1]; return memUtils.Read<CSGOWeapon>((IntPtr)weapAddress); }
public string GetName(MemUtils memUtils) { int clientClass = GetClientClass(memUtils); if (clientClass != -1) { int ptr = memUtils.Read<int>((IntPtr)(GetClassID(memUtils) + 8)); return memUtils.ReadString((IntPtr)(ptr + 8), 32, Encoding.ASCII); } return "none"; }
/// <summary> /// Reads the Export Address Table (EAT) of this module from live memory /// </summary> /// <param name="memUtils">MemUtils-instance that is used to read data</param> /// <param name="imageBase">Base-address pf this module in memory</param> /// <param name="ied">The _IMAGE_EXPORT_DIRECTORY of this module</param> /// <returns></returns> public Tuple <string, int>[] ReadExportedFunctions(MemUtils memUtils, IntPtr imageBase, _IMAGE_EXPORT_DIRECTORY ied) { List <Tuple <string, int> > functions = new List <Tuple <string, int> >(); IntPtr lpFunctions = (IntPtr)(imageBase.ToInt64() + ied.AddressOfFunctions); IntPtr lpNames = (IntPtr)(imageBase.ToInt64() + ied.AddressOfNames); for (int i = 0; i < ied.NumberOfFunctions; i++) { int address = memUtils.Read <int>((IntPtr)(lpFunctions.ToInt64() + i * 4)); string name = "?"; if (lpFunctions != lpNames) { int nameAddress = memUtils.Read <int>((IntPtr)(lpNames.ToInt64() + i * 4)); name = memUtils.ReadString((IntPtr)(imageBase.ToInt64() + nameAddress), 64, Encoding.ASCII); } functions.Add(new Tuple <string, int>(name, address)); } return(functions.ToArray()); }
static void SignOnState(MemUtils memUtils) { scan = memUtils.PerformSignatureScan( new byte[] { 0x51, 0xA1, 0x00, 0x00, 0x00, 0x00, 0x8B, 0x51, 0x00, 0x83, 0xB8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7C, 0x40, 0x3B, 0xD1 }, "xx????xx?xx?????xxxx", engineDll); if (scan.Success) { int tmp = memUtils.Read <int>((IntPtr)(scan.Address.ToInt32() + 11)); CSGOOffsets.Misc.SignOnState = tmp; } }
static void PlayerWeaponHandle(MemUtils memUtils) { scan = memUtils.PerformSignatureScan( new byte[] { 0x0F, 0x45, 0xF7, 0x5F, 0x8B, 0x8E, 0x00, 0x00, 0x00, 0x00, 0x5E, 0x83, 0xF9, 0xFF }, "xxxxxx????xxxx", clientDll); if (scan.Success) { int tmp = memUtils.Read <int>((IntPtr)(scan.Address.ToInt32() + 6)); CSGOOffsets.NetVars.C_CSPlayer.m_hActiveWeapon = tmp; } }
static void EntityID(MemUtils memUtils) { scan = memUtils.PerformSignatureScan( new byte[] { 0x74, 0x72, 0x80, 0x79, 0x00, 0x00, 0x8B, 0x56, 0x00, 0x89, 0x55, 0x00, 0x74, 0x17 }, "xxxx??xx?xx?xx", clientDll); if (scan.Success) { byte tmp = memUtils.Read<byte>((IntPtr)(scan.Address.ToInt32() + 8)); CSGOOffsets.NetVars.C_BaseEntity.m_iID = tmp; } }
static void PlayerTeamNum(MemUtils memUtils) { scan = memUtils.PerformSignatureScan( new byte[] { 0xCC, 0xCC, 0xCC, 0x8B, 0x89, 0x00, 0x00, 0x00, 0x00, 0xE9, 0x00, 0x00, 0x00, 0x00, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0x8B, 0x81, 0x00, 0x00, 0x00, 0x00, 0xC3, 0xCC, 0xCC }, "xxxxx????x????xxxxxxx????xxx", clientDll); if (scan.Success) { int tmp = memUtils.Read <int>((IntPtr)(scan.Address.ToInt32() + 5)); CSGOOffsets.NetVars.C_BaseEntity.m_iTeamNum = tmp; } }
static void PlayerBoneMatrix(MemUtils memUtils) { scan = memUtils.PerformSignatureScan( new byte[] { 0x83, 0x3C, 0xB0, 0xFF, 0x75, 0x15, 0x8B, 0x87, 0x00, 0x00, 0x00, 0x00, 0x8B, 0xCF, 0x8B, 0x17, 0x03, 0x44, 0x24, 0x0C, 0x50 }, "xxxxxxxx????xxxxxxxxx", clientDll); if (scan.Success) { int tmp = memUtils.Read <int>((IntPtr)(scan.Address.ToInt32() + 8)); CSGOOffsets.NetVars.C_CSPlayer.m_hBoneMatrix = tmp; } }
static void EntityVecOrigin(MemUtils memUtils) { scan = memUtils.PerformSignatureScan( new byte[] { 0x8A, 0x0E, 0x80, 0xE1, 0xFC, 0x0A, 0xC8, 0x88, 0x0E, 0xF3, 0x00, 0x00, 0x87, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x87, 0x00, 0x00, 0x00, 0x00, 0x9F }, "xxxxxxxxxx??x??????x????x", clientDll); if (scan.Success) { int tmp = memUtils.Read <int>((IntPtr)(scan.Address.ToInt32() + 13)); CSGOOffsets.NetVars.C_BaseEntity.m_vecOrigin = tmp; } }
static void EntityHealth(MemUtils memUtils) { scan = memUtils.PerformSignatureScan( new byte[] { 0x8B, 0x41, 0x00, 0x89, 0x41, 0x00, 0x8B, 0x41, 0x00, 0x89, 0x41, 0x00, 0x8B, 0x41, 0x00, 0x89, 0x41, 0x00, 0x8B, 0x4F, 0x00, 0x83, 0xB9, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7F, 0x2E }, "xx?xx?xx?xx?xx?xx?xx?xx????xxx", clientDll); if (scan.Success) { int tmp = memUtils.Read <int>((IntPtr)(scan.Address.ToInt32() + 23)); CSGOOffsets.NetVars.C_BaseEntity.m_iHealth = tmp; } }
static void EntityID(MemUtils memUtils) { scan = memUtils.PerformSignatureScan( new byte[] { 0x74, 0x72, 0x80, 0x79, 0x00, 0x00, 0x8B, 0x56, 0x00, 0x89, 0x55, 0x00, 0x74, 0x17 }, "xxxx??xx?xx?xx", clientDll); if (scan.Success) { byte tmp = memUtils.Read <byte>((IntPtr)(scan.Address.ToInt32() + 8)); CSGOOffsets.NetVars.C_BaseEntity.m_iID = tmp; } }
static void EntityHealth(MemUtils memUtils) { scan = memUtils.PerformSignatureScan( new byte[] { 0x8B, 0x41, 0x00, 0x89, 0x41, 0x00, 0x8B, 0x41, 0x00, 0x89, 0x41, 0x00, 0x8B, 0x41, 0x00, 0x89, 0x41, 0x00, 0x8B, 0x4F, 0x00, 0x83, 0xB9, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7F, 0x2E }, "xx?xx?xx?xx?xx?xx?xx?xx????xxx", clientDll); if (scan.Success) { int tmp = memUtils.Read<int>((IntPtr)(scan.Address.ToInt32() + 23)); CSGOOffsets.NetVars.C_BaseEntity.m_iHealth = tmp; } }
private static void GameResources(MemUtils memUtils) { scan = memUtils.PerformSignatureScan(new byte[] { 0x89, 0x4D, 0xF4, //mov [ebp-0C],ecx 0x8B, 0x0D, 0x00, 0x00, 0x00, 0x00, //mov ecx,[engine.dll+xxxx] 0x53, //push ebx 0x56, //push esi 0x57, //push edi 0x8B, 0x01 }, "xxxxx????xxxxx", engineDll); if (scan.Success) { int address, pointer, offset; pointer = memUtils.Read <int>((IntPtr)(scan.Address.ToInt32() + 5)) - engineDllBase; scan = memUtils.PerformSignatureScan(new byte[] { 0xCC, //int 3 0xCC, //int 3 0x55, //push ebp 0x8B, 0xEC, //mov ebp,esp 0x8B, 0x45, 0x08, //mov eax,[ebp+08] 0x8B, 0x44, 0xC1, 0x00, //mov eax,[acx+eax*8+xx] 0x5D, //pop ebp 0xC2, 0x00, 0x00, //ret 0004 0xCC, //int 3 0xCC }, "xxxxxxxxxxx?xx??xx", clientDll); if (scan.Success) { offset = memUtils.Read <byte>((IntPtr)(scan.Address.ToInt32() + 11)); address = memUtils.Read <int>((IntPtr)(engineDllBase + pointer)); address = address + 0x46 * 8 + offset; address -= clientDllBase; CSGOOffsets.GameResources.Base = address; } } }
static void vMatrix(MemUtils memUtils) { scan = memUtils.PerformSignatureScan(new byte[] { 0x53, 0x8B, 0xDC, 0x83, 0xEC, 0x08, 0x83, 0xE4, 0xF0, 0x83, 0xC4, 0x04, 0x55, 0x8B, 0x6B, 0x04, 0x89, 0x6C, 0x24, 0x04, 0x8B, 0xEC, 0xA1, 0x00, 0x00, 0x00, 0x00, 0x81, 0xEC, 0x98, 0x03, 0x00, 0x00 }, "xxxxxxxxxxxxxxxxxxxxxxx????xxxxxx", clientDll); if (scan.Success) { int address = memUtils.Read <int>((IntPtr)(scan.Address.ToInt32() + +0x4EE)); address -= clientDllBase; address += 0x80; CSGOOffsets.Misc.ViewMatrix = address; } }
static void SignOnState(MemUtils memUtils) { scan = memUtils.PerformSignatureScan( new byte[] { 0x51, 0xA1, 0x00, 0x00, 0x00, 0x00, 0x8B, 0x51, 0x00, 0x83, 0xB8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7C, 0x40, 0x3B, 0xD1 }, "xx????xx?xx?????xxxx", engineDll); if (scan.Success) { int tmp = memUtils.Read<int>((IntPtr)(scan.Address.ToInt32() + 11)); CSGOOffsets.Misc.SignOnState = tmp; } }
static void PlayerWeaponHandle(MemUtils memUtils) { scan = memUtils.PerformSignatureScan( new byte[] { 0x0F, 0x45, 0xF7, 0x5F, 0x8B, 0x8E, 0x00, 0x00, 0x00, 0x00, 0x5E, 0x83, 0xF9, 0xFF }, "xxxxxx????xxxx", clientDll); if (scan.Success) { int tmp = memUtils.Read<int>((IntPtr)(scan.Address.ToInt32() + 6)); CSGOOffsets.NetVars.C_CSPlayer.m_hActiveWeapon = tmp; } }
static void SetViewAngles(MemUtils memUtils) { scan = memUtils.PerformSignatureScan(new byte[] { 0x8B, 0x15, 0x00, 0x00, 0x00, 0x00, 0x8B, 0x4D, 0x08, 0x8B, 0x82, 0x00, 0x00, 0x00, 0x00, 0x89, 0x01, 0x8B, 0x82, 0x00, 0x00, 0x00, 0x00, 0x89, 0x41, 0x04 }, "xx????xxxxx????xxxx????xxx", engineDll); if (scan.Success) { int tmp = memUtils.Read<int>((IntPtr)(scan.Address.ToInt32() + 11)); CSGOOffsets.ClientState.m_dwViewAngles = tmp; } }
public virtual void ReadValue(int baseAddress, MemUtils memUtils) { this.Value = memUtils.Read <T>((IntPtr)(baseAddress + this.Offset)); this.ValueRead = true; }
/// <summary> /// Reads the _IMAGE_EXPORT_DIRECTORY of this module from live memory /// </summary> /// <param name="memUtils">MemUtils-instance that is used to read data</param> /// <param name="imageBase">Base-address pf this module in memory</param> /// <returns></returns> public _IMAGE_EXPORT_DIRECTORY ReadImageExportDirectory(MemUtils memUtils, IntPtr imageBase) { return memUtils.Read<_IMAGE_EXPORT_DIRECTORY>((IntPtr)(imageBase.ToInt64() + this.PEOptHeader.DataDirectory1.VirtualAddress)); }
private static void PlayerTeamNum(MemUtils memUtils) { _scan = memUtils.PerformSignatureScan( new byte[] { 0xCC, 0xCC, 0xCC, 0x8B, 0x89, 0x00, 0x00, 0x00, 0x00, 0xE9, 0x00, 0x00, 0x00, 0x00, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0x8B, 0x81, 0x00, 0x00, 0x00, 0x00, 0xC3, 0xCC, 0xCC }, "xxxxx????x????xxxxxxx????xxx", _clientDll); if (_scan.Success) { var tmp = memUtils.Read<int>((IntPtr) (_scan.Address.ToInt32() + 5)); Offsets.NetVars.CBaseEntity.TeamNum = tmp; } }
static void EntityVecOrigin(MemUtils memUtils) { scan = memUtils.PerformSignatureScan( new byte[] { 0x8A, 0x0E, 0x80, 0xE1, 0xFC, 0x0A, 0xC8, 0x88, 0x0E, 0xF3, 0x00, 0x00, 0x87, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x87, 0x00, 0x00, 0x00, 0x00, 0x9F }, "xxxxxxxxxx??x??????x????x", clientDll); if (scan.Success) { int tmp = memUtils.Read<int>((IntPtr)(scan.Address.ToInt32() + 13)); CSGOOffsets.NetVars.C_BaseEntity.m_vecOrigin = tmp; } }
private static void EntityHealth(MemUtils memUtils) { _scan = memUtils.PerformSignatureScan( new byte[] { 0x8B, 0x41, 0x00, 0x89, 0x41, 0x00, 0x8B, 0x41, 0x00, 0x89, 0x41, 0x00, 0x8B, 0x41, 0x00, 0x89, 0x41, 0x00, 0x8B, 0x4F, 0x00, 0x83, 0xB9, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7F, 0x2E }, "xx?xx?xx?xx?xx?xx?xx?xx????xxx", _clientDll); if (_scan.Success) { var tmp = memUtils.Read<int>((IntPtr) (_scan.Address.ToInt32() + 23)); Offsets.NetVars.CBaseEntity.Health = tmp; } }
/// <summary> /// Reads the Export Address Table (EAT) of this module from live memory /// </summary> /// <param name="memUtils">MemUtils-instance that is used to read data</param> /// <param name="imageBase">Base-address pf this module in memory</param> /// <param name="ied">The _IMAGE_EXPORT_DIRECTORY of this module</param> /// <returns></returns> public Tuple<string, int>[] ReadExportedFunctions(MemUtils memUtils, IntPtr imageBase, _IMAGE_EXPORT_DIRECTORY ied) { List<Tuple<string, int>> functions = new List<Tuple<string, int>>(); IntPtr lpFunctions = (IntPtr)(imageBase.ToInt64() + ied.AddressOfFunctions); IntPtr lpNames = (IntPtr)(imageBase.ToInt64() + ied.AddressOfNames); for (int i = 0; i < ied.NumberOfFunctions; i++) { int address = memUtils.Read<int>((IntPtr)(lpFunctions.ToInt64() + i * 4)); string name = "?"; if (lpFunctions != lpNames) { int nameAddress = memUtils.Read<int>((IntPtr)(lpNames.ToInt64() + i * 4)); name = memUtils.ReadString((IntPtr)(imageBase.ToInt64() + nameAddress), 64, Encoding.ASCII); } functions.Add(new Tuple<string, int>(name, address)); } return functions.ToArray(); }
static void vMatrix(MemUtils memUtils) { scan = memUtils.PerformSignatureScan(new byte[] { 0x53, 0x8B, 0xDC, 0x83, 0xEC, 0x08, 0x83, 0xE4, 0xF0, 0x83, 0xC4, 0x04, 0x55, 0x8B, 0x6B, 0x04, 0x89, 0x6C, 0x24, 0x04, 0x8B, 0xEC, 0xA1, 0x00, 0x00, 0x00, 0x00, 0x81, 0xEC, 0x98, 0x03, 0x00, 0x00 }, "xxxxxxxxxxxxxxxxxxxxxxx????xxxxxx", clientDll); if (scan.Success) { int address = memUtils.Read<int>((IntPtr)(scan.Address.ToInt32() + +0x4EE)); address -= clientDllBase; address += 0x80; CSGOOffsets.Misc.ViewMatrix = address; } }
static void WeaponTable(MemUtils memUtils) { scan = memUtils.PerformSignatureScan(new byte[] { 0xA1, 0x00, 0x00, 0x00, 0x00, 0x0F, 0xB7, 0xC9, 0x03, 0xC9, 0x8B, 0x44, 0x00, 0x0C, 0xC3 }, "x????xxxxxxx?xx", clientDll); if (scan.Success) { int tmp = memUtils.Read<int>((IntPtr)(scan.Address.ToInt32() + 1)); CSGOOffsets.Misc.WeaponTable = tmp - clientDllBase; } }
private static void GameResources(MemUtils memUtils) { scan = memUtils.PerformSignatureScan(new byte[]{ 0x89, 0x4D, 0xF4, //mov [ebp-0C],ecx 0x8B, 0x0D, 0x00, 0x00, 0x00, 0x00, //mov ecx,[engine.dll+xxxx] 0x53, //push ebx 0x56, //push esi 0x57, //push edi 0x8B, 0x01 }, "xxxxx????xxxxx", engineDll); if (scan.Success) { int address, pointer, offset; pointer = memUtils.Read<int>((IntPtr)(scan.Address.ToInt32() + 5)) - engineDllBase; scan = memUtils.PerformSignatureScan(new byte[] { 0xCC, //int 3 0xCC, //int 3 0x55, //push ebp 0x8B, 0xEC, //mov ebp,esp 0x8B, 0x45, 0x08, //mov eax,[ebp+08] 0x8B, 0x44, 0xC1, 0x00, //mov eax,[acx+eax*8+xx] 0x5D, //pop ebp 0xC2, 0x00, 0x00, //ret 0004 0xCC, //int 3 0xCC }, "xxxxxxxxxxx?xx??xx", clientDll); if (scan.Success) { offset = memUtils.Read<byte>((IntPtr)(scan.Address.ToInt32() + 11)); address = memUtils.Read<int>((IntPtr)(engineDllBase + pointer)); address = address + 0x46 * 8 + offset; address -= clientDllBase; CSGOOffsets.GameResources.Base = address; } } }
static void GlowManager(MemUtils memUtils) { scan = memUtils.PerformSignatureScan(new byte[] { 0x8D, 0x8F, 0x00, 0x00, 0x00, 0x00, 0xA1, 0x00, 0x00, 0x00, 0x00, 0xC7, 0x04, 0x02, 0x00, 0x00, 0x00, 0x00, 0x89, 0x35, 0x00, 0x00, 0x00, 0x00, 0x8B, 0x51 }, "xx????x????xxx????xx????xx", clientDll); if (scan.Success) { int tmp = memUtils.Read<int>((IntPtr)(scan.Address.ToInt32() + 7)); CSGOOffsets.Misc.GlowManager = tmp - clientDllBase; } }
static void Jump(MemUtils memUtils) { scan = memUtils.PerformSignatureScan(new byte[] { 0x89, 0x15, 0x00, 0x00, 0x00, 0x00, 0x8B, 0x15, 0x00, 0x00, 0x00, 0x00, 0xF6, 0xC2, 0x03, 0x74, 0x03, 0x83, 0xCE, 0x08, 0xA8, 0x08, 0xBF }, "xx????xx????xxxxxxxxxxx", clientDll); if (scan.Success) { int tmp = memUtils.Read<int>((IntPtr)(scan.Address.ToInt32() + 2)); CSGOOffsets.Misc.Jump = tmp - clientDllBase; } }
static void EntityOff(MemUtils memUtils) { scan = memUtils.PerformSignatureScan(new byte[] { 0x05, 0x00, 0x00, 0x00, 0x00, 0xC1, 0xe9, 0x00, 0x39, 0x48, 0x04 }, "x????xx?xxx", clientDll); if (scan.Success) { int tmp = memUtils.Read<int>((IntPtr)(scan.Address.ToInt32() + 1)); byte tmp2 = memUtils.Read<byte>((IntPtr)(scan.Address.ToInt32() + 7)); CSGOOffsets.Misc.EntityList = tmp + tmp2 - clientDllBase; } }
static void LocalPlayer(MemUtils memUtils) { scan = memUtils.PerformSignatureScan(new byte[] { 0x8D, 0x34, 0x85, 0x00, 0x00, 0x00, 0x00, 0x89, 0x15, 0x00, 0x00, 0x00, 0x00, 0x8B, 0x41, 0x08, 0x8B, 0x48 }, "xxx????xx????xxxxx", clientDll); if (scan.Success) { int tmp = memUtils.Read<int>((IntPtr)(scan.Address.ToInt32() + 3)); byte tmp2 = memUtils.Read<byte>((IntPtr)(scan.Address.ToInt32() + 18)); CSGOOffsets.Misc.LocalPlayer = tmp + tmp2 - clientDllBase; } }
private static void PlayerWeaponHandle(MemUtils memUtils) { _scan = memUtils.PerformSignatureScan( new byte[] {0x0F, 0x45, 0xF7, 0x5F, 0x8B, 0x8E, 0x00, 0x00, 0x00, 0x00, 0x5E, 0x83, 0xF9, 0xFF}, "xxxxxx????xxxx", _clientDll); if (_scan.Success) { var tmp = memUtils.Read<int>((IntPtr) (_scan.Address.ToInt32() + 6)); Offsets.NetVars.CCsPlayer.ActiveWeapon = tmp; } }
static void PlayerBoneMatrix(MemUtils memUtils) { scan = memUtils.PerformSignatureScan( new byte[] { 0x83, 0x3C, 0xB0, 0xFF, 0x75, 0x15, 0x8B, 0x87, 0x00, 0x00, 0x00, 0x00, 0x8B, 0xCF, 0x8B, 0x17, 0x03, 0x44, 0x24, 0x0C, 0x50 }, "xxxxxxxx????xxxxxxxxx", clientDll); if (scan.Success) { int tmp = memUtils.Read<int>((IntPtr)(scan.Address.ToInt32() + 8)); CSGOOffsets.NetVars.C_CSPlayer.m_hBoneMatrix = tmp; } }
/// <summary> /// Reads the _IMAGE_EXPORT_DIRECTORY of this module from live memory /// </summary> /// <param name="memUtils">MemUtils-instance that is used to read data</param> /// <param name="imageBase">Base-address pf this module in memory</param> /// <returns></returns> public _IMAGE_EXPORT_DIRECTORY ReadImageExportDirectory(MemUtils memUtils, IntPtr imageBase) { return(memUtils.Read <_IMAGE_EXPORT_DIRECTORY>((IntPtr)(imageBase.ToInt64() + this.PEOptHeader.DataDirectory1.VirtualAddress))); }
static void PlayerTeamNum(MemUtils memUtils) { scan = memUtils.PerformSignatureScan( new byte[] { 0xCC, 0xCC, 0xCC, 0x8B, 0x89, 0x00, 0x00, 0x00, 0x00, 0xE9, 0x00, 0x00, 0x00, 0x00, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0x8B, 0x81, 0x00, 0x00, 0x00, 0x00, 0xC3, 0xCC, 0xCC }, "xxxxx????x????xxxxxxx????xxx", clientDll); if (scan.Success) { int tmp = memUtils.Read<int>((IntPtr)(scan.Address.ToInt32() + 5)); CSGOOffsets.NetVars.C_BaseEntity.m_iTeamNum = tmp; } }
private static void EntityId(MemUtils memUtils) { _scan = memUtils.PerformSignatureScan( new byte[] {0x74, 0x72, 0x80, 0x79, 0x00, 0x00, 0x8B, 0x56, 0x00, 0x89, 0x55, 0x00, 0x74, 0x17}, "xxxx??xx?xx?xx", _clientDll); if (_scan.Success) { var tmp = memUtils.Read<byte>((IntPtr) (_scan.Address.ToInt32() + 8)); Offsets.NetVars.CBaseEntity.Id = tmp; } }
/// <summary> /// Parses a module from memory /// </summary> /// <param name="baseAddress">The address of the module to be parsed</param> /// <param name="length">The size of the module to be parsed</param> /// <param name="memUtils">MemUtils-instance that is used to dump the module</param> /// <returns></returns> public static PEInfo FromMemory(IntPtr baseAddress, int length, MemUtils memUtils) { byte[] data = new byte[length]; memUtils.Read(baseAddress, out data, length); return new PEInfo(data); }