Question Arma 3 Cheats How to find offsets?


Tarolion

Newbie
Full Member
Nobleman
Mar 12, 2015
42
258
1
Hi Guys,

My aim is to make a C# external ESP that uses only RPMs. I am also thinking of creating an anti weapon sway, also using RPMs and simulated mouse movements. However I am struggling to find memory

I'm looking to get addresses to Arma 3 player positions but I feel really lost. What's the best way to go about finding their base addresses?

I have tried using Cheat Engine to search as I would with other games, but I keep hitting loads of pointers, and getting lost in my searches. I can't help feeling there must be an easier way to do this?
 

c5

Kim Kong Trasher
Dank Tier VIP
Dank Tier Donator
Jul 19, 2012
1,187
12,638
76
Cheat Engine or reverse the scripting functions. I would go, and I normally do with RV engine, with the latter one + IDA (or any debugger really).
 

Tarolion

Are there any good tutorials for these programs around? I have tried looking, but maybe I'm not looking in the right places?

I just noticed a couple of tutorials here, including yours, which I will read now (didn't notice it earlier).

Also in the Arma 3 Reversals Thread. Are the offsets on the second page good for 1.4?

As for the RV engine, I've not heard of that, what is it?
With IDA, I have heard of it, but not used it. I downloaded it today, do you know any good tutorials on how to use it?

Finally, are there any tutorials on how to use these in code?

I know my questions are noobish but I really want to learn this stuff.
 

Rake

Cesspool Admin
Administrator
Jan 21, 2014
12,140
78,998
2,394
There is only 1 way to do this, the HARD WAY. Welcome to the forum, I would personally recommend reading every single thread here, we have a wealth of knowledge at your fingertips and so many questions have already been answered.

If previously posted threads and Google cannot answer your question then that is prime time to create your own thread.

Make sure you do all the Cheat Engine tutorials and Fleep's first 2-3 video tutorials, if you can accomplish those then you are ready to hack your own chosen game!

Here are some good threads to get you started:
https://guidedhacking.com/showthread.php?4348-Read-Before-Asking-(Especially-Aimbot-amp-ESP)
https://guidedhacking.com/showthread.php?5911-The-Road-To-Hacking
https://guidedhacking.com/showthread.php?518-Starting-Your-Journey-Into-Hacking

Personally I always use pointer scanner because I'm a nub :)
 

Syntax Error

Coder
Silenced
Meme Tier VIP
Nov 6, 2014
239
2,928
6
If you haven't already, be sure to check out Fleep's Cheat Engine tutorial.
https://www.youtube.com/watch?v=EzZ259yac-4&list=PLF7E7487FE8AEA4D2
You might also want to check these videos out.
https://www.youtube.com/watch?v=hgrIKUR5Hww

Fleep also has an OllyDbg tutorial that you can check out.
https://www.youtube.com/watch?v=BHYjxsDROn4

As far as IDA Pro tutorials, why not check out the unofficial guide.
https://coolfire.insomnia247.nl/BMA/The.IDA.Pro.Book.2nd.Edition.Jun.2011.pdf

Best of luck. :)
 

Tarolion

Thank you both so much.

I will start going through these tutorials (Already did Fleep's tutorials on making a C# trainer for Assault Cube).

I appreciate the help.
Once I have worked my way through these I will post back here again.
 

Tarolion

Firstly I'm sorry for the double post, but here are my results...

After hours of blood, sweat and tears, I have found the following:

World: 0x15FD33C
NetworkManager: 0x15E9958

EntTable MasterTables: 0xB84, 0xE2C, 0x10D0
EntTable Slave Tables: 0x4, 0xAC, 0x154, 0x1FC

PlayerOn: 0x170C
CameraOn: 0x1704
RealPlayer: 0x1710

Entity Link: 0x4
Visual State: 0x68

Bone X Positions:
Head: 0x114
Feet: 0x28

For Y position add 0x4 to X position offset.
For Z position add 0x8 to X position offset.

The above offsets were found using the latest version of the game updated yesterday.

I have a question though... How do I now read Entities from the EntTable?

I found how to read the local Player Offset using this:

world + CameraOn] + EntityLink] + VisualState] + bonePositionOffset]

so to find the position of the players head I'd use the offsets:

X Position: 0x15FD33C + 0x1704] + 0x4] + 0x68] + 0x114]
Y Position: 0x15FD33C + 0x1704] + 0x4] + 0x68] + 0x118]
Z Position: 0x15FD33C + 0x1704] + 0x4] + 0x68] + 0x11C]

And this works perfectly. However, if I try to read it from the entity tables using:

X Position: 0x15FD33C + 0xB84] + 0x4] + 0x0(I am assuming the iterator goes here...?)] + 0x4 (Entity Link)] + 0x68] + 0x114]

I assumed that would give me the X position but it fails... Does anyone know why? When I tried to read it through Cheat Engine to confirm that it was correct, it reads up to my iterator, then drops out to ????????'s instead of addresses or values.

Something else I'm having trouble finding is the size of that table. I thought it was supposed to be at 0x15FD33C + 0xB84] + 0x8] but that value returns something in the 20k - 30k range, and I only have 2 squads + myself in my test mission.

Once I have this figured out, I will write a tutorial on this part of the forum on how I found them, along with how to read from this entity table, which appears to be a ridiculously painful process.
 

c5

0x15FD33C] + 0xB84 + 0x4] + iterator (i)] + 0x68] + 0x114]

Follow the path through with ReClass, it should make sense.

Edit. Haven't worked on arma series for a while but ^ should be the correct way from the top of my head.
 

Tarolion

Thanks for the suggestion. Unfortunately I've already tried this, and I've hit dead ends every time :(. It seems like I get to the slave table fine, but then the pointers disappear and it all goes wrong :(

In Arma there are other master and slave tables as well, so I tried those too, but no luck...

This is where I end up:

I couldn't be bothered to add loads of kilobytes until I got to 15FD33C just to read the world address, so I decided to use Cheat Engine to find my base:


Then I checked I was in the right place by finding player coords and comparing it to my hack reading it from the position offsets:
Reclass:


Arma ScreenShot:


I know they are slightly off; I accidentally turned the character when I was trying to grab the snip using the Snipping Tool, but as you can see it's basically right.

Now my Ent Table positions, I'm only showing these for one master table, but I get the same info repeated from the other master tables:

First slave table in the E2C Master Table:


Second Slave Table:


Third slave table:


Final slave Table:


Now I guess the only thing that comes to mind is that surely the offsets are wrong. (Truth be told I'm sure this is what it is.) But here are my IDA screenshots in case I'm reading it wrong:
Master Tables:


Slave Tables:



So the question is, am I reading these right? Do I have the correct offsets?

Frankly it's getting me down, because this is the last thing that needs sorting before my 2D radar will start working, and I've spent 3 days now trawling through offsets, ReClass and IDA to find this godforsaken table, and nothing I have tried to date has worked...

Once I've figured this out, I'm definitely writing a tutorial on it. This has been such a grueling and disheartening experience trying to find how to read this table, I can't imagine how many people would benefit from a little help on this. (Waits for the moment someone tells me I'm being totally stupid and it's really easy.)
 

c5

I already said, don't dereference those master tables.

It's

DWORD dwMasterTableBase = dwMasterOffsets[0] + *(DWORD*)CLIENTPTR;
DWORD dwSubtable = dwMasterTableBase + 0x4 + dwSubTables[0];
int subTableSize = *(int*)(dwSubtable + 0x4);

first entity would be **(DWORD**)dwSubtable
 

Tarolion

Oh, I get you, apologies let me try that now :)

But I have to be honest, I don't know at all how to read DWords.... I've seen it done in C++ but I don't understand it. Would you be able to please shed some light on it for me?
 

c5

Every time I'm reading a dword I'm dereferencing a pointer, doing ] in your words.
 

Tarolion

OK, I'm confused.... :( But I think I have it in my code because I am now getting coordinates, but the size I am getting is totally wrong.

The size of the table that I'm finding in ReClass appears to be 10 units because that's how many coordinates are visible. However the size of my table according to the +0x4 location is about 201 thousand, which is wrong.

Am I doing this right in ReClass?




Also the coordinates are not really following my 2D radar, but that could easily be a problem with the radar.
 

c5

Show me the fixed code then, I can't read your mind. IDA view of the tables won't help me.
 

Tarolion

I was copying and pasting my code here, but it's easier just to attach my code files. So here are the virus scans of the zip:

https://www.virustotal.com/en/file/...ce902295a4b75de024a0f0ef/analysis/1429437619/

https://virusscan.jotti.org/en/scanresult/88c5b902a318333eff70b9b3abe54a9f7cf917e8

Also, would it be OK if we exchanged Skype information privately? I think that would make life a lot easier. I am planning on writing a guide on how to do this once I have solved it anyway.

Edit: My apologies for my last post being wrong. I uploaded the wrong image by accident... All-nighters will do that to you.
 


c5

Your table reading still doesn't make any sense.

But since you are at least trying..

C++:
// first take world, deref that pointer to the class itself
unsigned int World = Memory.ReadMemory(Memory.ReadProcess, world, 4);

// now get the first and second (for luls) slave table which is under the master table. they are both in the World class.
unsigned int firstTable = Memory.ReadMemory(Memory.ReadProcess, World + masterTableOffsets[0] + slaveTableOffsets[0] + 4, 4);
unsigned int secondTable = Memory.ReadMemory(Memory.ReadProcess, World + masterTableOffsets[0] + slaveTableOffsets[1] + 4, 4);

int firstTableSize = Memory.ReadMemory(Memory.ReadProcess, World + masterTableOffsets[0] + slaveTableOffsets[0] + 8, 4);

// now iterate according to table size...
for (int i = 0; i < firstTableSize; i++)
{
    unsigned int entity = Memory.ReadMemory(Memory.ReadProcess, firstTable + i * 4, 4);
    // and now you have entity pointer, from here on deref visualstate and read coords.. ezpz
}

Stop using those ReadPointer multilevel pointer reading crapshit that just confuses you (and the rest of the world), go step by step, don't just throw a shitload of offsets in an array to a function and expect it to work. Who invented this crap should be sued for giving it to noobs who don't have a clue what they are doing with it or what it is doing ..
 

Tarolion

I can't thank you enough for your help already, I just have a few questions about the data structure if you don't mind.

What are the differences between the slave tables, because they definitely do not look like they are all the same?
And what are the differences between the master tables?

I am asking because earlier I was detecting the positions of units using the E2C master table, but then out of the blue that stopped working and it appeared to switch to the B88 master table... and I'm not sure what to make of it. Is this simply one of many ways to prevent us cheating?

Also I've just started playing around with what you've given me to understand it better, and I decided to try to read all the table sizes for each master table, and I managed to output this:

MasterTable: 2952 first Table Size: 0
MasterTable: 2952 secon Table Size: 2164260620
MasterTable: 2952 third Table Size: 0
MasterTable: 2952 forth Table Size: 2164260620
MasterTable: 3628 first Table Size: 137
MasterTable: 3628 secon Table Size: 0
MasterTable: 3628 third Table Size: 158
MasterTable: 3628 forth Table Size: 0
MasterTable: 4304 first Table Size: 2164260611
MasterTable: 4304 secon Table Size: 21002796
MasterTable: 4304 third Table Size: 21402844
MasterTable: 4304 forth Table Size: 1953710194
However, none of the sizes match the number of actors in my scene. I have 8 actors in my scene, and 9 including the player.

I haven't modified the code much, just to include the other slave tables, and calculate their sizes. I checked this in reclass and the values are coming out the same there. Is there something I am missing?

Here is what I have changed:

C#:
int bRead;

            // int mastTable = masterTables[1];

            foreach (int mastTable in masterTables)
            {
                Vector3 plyPos = GetUnitPosition(worldOffset, localPlayerOffsets, feetPositionOffset);

                // first take world, der that pointer to the class itself
                uint world = BitConverter.ToUInt32(Memory.ReadMemory(Memory.ReadProcess, worldOffset, 4, out bRead), 0);

                // now get the first and second (for luls) slave table which is under the master table. they are both in the World class.
                uint firstTable = BitConverter.ToUInt32(Memory.ReadMemory(Memory.ReadProcess, (worldOffset + mastTable + slaveTables[0] + 4), 4, out bRead), 0);
                uint seconTable = BitConverter.ToUInt32(Memory.ReadMemory(Memory.ReadProcess, (worldOffset + mastTable + slaveTables[1] + 4), 4, out bRead), 0);
                uint thirdTable = BitConverter.ToUInt32(Memory.ReadMemory(Memory.ReadProcess, (worldOffset + mastTable + slaveTables[2] + 4), 4, out bRead), 0);
                uint forthTable = BitConverter.ToUInt32(Memory.ReadMemory(Memory.ReadProcess, (worldOffset + mastTable + slaveTables[3] + 4), 4, out bRead), 0);

                uint firstTableSize = BitConverter.ToUInt32(Memory.ReadMemory(Memory.ReadProcess, (worldOffset + mastTable + slaveTables[0] + 8), 4, out bRead), 0);
                uint seconTableSize = BitConverter.ToUInt32(Memory.ReadMemory(Memory.ReadProcess, (worldOffset + mastTable + slaveTables[1] + 8), 4, out bRead), 0);
                uint thirdTableSize = BitConverter.ToUInt32(Memory.ReadMemory(Memory.ReadProcess, (worldOffset + mastTable + slaveTables[2] + 8), 4, out bRead), 0);
                uint forthTableSize = BitConverter.ToUInt32(Memory.ReadMemory(Memory.ReadProcess, (worldOffset + mastTable + slaveTables[3] + 8), 4, out bRead), 0);

                // // now iterate according to table size...
                // for (int i = 0; i < firstTableSize; i++)
                // {
                //     uint entity = BitConverter.ToUInt32( Memory.ReadMemory(Memory.ReadProcess, ((int)firstTable + i * 4), 4, out bRead), 0); 
                //     // and now you have entity pointer, from here on deref visualstate and read coords.. ezpz
                // 
                //     Vector3 pos = GetUnitPosition((int)entity, feetPositionOffset);
                //     Vector3 relativeToPlayer = plyPos.Minus(pos);
                //     Color color = Color.Red;
                // 
                //     DrawToRadar(g, relativeToPlayer, color);        // Draw to the 2D Radar.
                // }

                Console.WriteLine("MasterTable: " + mastTable + " first Table Size: " + firstTableSize);
                Console.WriteLine("MasterTable: " + mastTable + " secon Table Size: " + seconTableSize);
                Console.WriteLine("MasterTable: " + mastTable + " third Table Size: " + thirdTableSize);
                Console.WriteLine("MasterTable: " + mastTable + " forth Table Size: " + forthTableSize);
            }

Found one mistake in this: I was reading tables from worldOffset, which is wrong. After I calculated world, I should be reading from world + the offsets for tables.
 

c5

Some entities near you appear in the first tables; the further they get from you, the lower they go between the tables. Some tables only hold map structures, some hold flies and footmarks and shit like that.

Take a look here. I didn't name anything as slave tables or master tables or whatnot, and the offsets are old because the thread is pretty much from when the game released, but you can get some idea of the structure maybe.
https://guidedhacking.com/showthread.php?3622-ArmA-3-reversals
 

Tarolion

Dude you are amazing, thank you so much! I will look into this now and report back soon.

OK, so I'm struggling with this again....

My table sizes are way off, and I don't know why....

Here's what I'm doing:

C#:
 foreach (int mastTable in masterTables)
            {
                Vector3 plyPos = GetUnitPosition(worldOffset, localPlayerOffsets, feetPositionOffset);

                // first take world, der that pointer to the class itself
                uint world = BitConverter.ToUInt32(Memory.ReadMemory(Memory.ReadProcess, worldOffset, 4, out bRead), 0);

                // now get the first and second (for luls) slave table which is under the master table. they are both in the World class.
                int firstTable = BitConverter.ToInt32(Memory.ReadMemory(Memory.ReadProcess, ((int)world + mastTable + slaveTables[0] + 4), 4, out bRead), 0);
                int seconTable = BitConverter.ToInt32(Memory.ReadMemory(Memory.ReadProcess, ((int)world + mastTable + slaveTables[1] + 4), 4, out bRead), 0);
                int thirdTable = BitConverter.ToInt32(Memory.ReadMemory(Memory.ReadProcess, ((int)world + mastTable + slaveTables[2] + 4), 4, out bRead), 0);
                int forthTable = BitConverter.ToInt32(Memory.ReadMemory(Memory.ReadProcess, ((int)world + mastTable + slaveTables[3] + 4), 4, out bRead), 0);

                int firstTableSize = BitConverter.ToInt32(Memory.ReadMemory(Memory.ReadProcess, ((int)world + mastTable + slaveTables[0] + 8), 4, out bRead), 0);
                int seconTableSize = BitConverter.ToInt32(Memory.ReadMemory(Memory.ReadProcess, ((int)world + mastTable + slaveTables[1] + 8), 4, out bRead), 0);
                int thirdTableSize = BitConverter.ToInt32(Memory.ReadMemory(Memory.ReadProcess, ((int)world + mastTable + slaveTables[2] + 8), 4, out bRead), 0);
                int forthTableSize = BitConverter.ToInt32(Memory.ReadMemory(Memory.ReadProcess, ((int)world + mastTable + slaveTables[3] + 8), 4, out bRead), 0);

                if (firstTableSize < 0) break;

                // now iterate according to table size...
                for (int i = 0; i < firstTableSize; i++)
                {
                    uint entity = BitConverter.ToUInt32(Memory.ReadMemory(Memory.ReadProcess, ((int)firstTable + i * 4), 4, out bRead), 0); 
                    // and now you have entity pointer, from here on deref visualstate and read coords.. ezpz
                
                    Vector3 pos = GetUnitPosition((int)entity, feetPositionOffset);
                    Vector3 relativeToPlayer = pos.Minus(plyPos);
                    Color color = Color.Red;
                
                    DrawToRadar(g, relativeToPlayer, color);        // Draw to the 2D Radar.

                    Console.WriteLine("X: {0}, Y: {1}, Z: {2} ", pos.X.ToString(), pos.Y.ToString(), pos.Z.ToString());
                }

                Console.WriteLine("MasterTable: " + mastTable + " first Table Size: " + firstTableSize);
            }

Is there anything strikingly stupid there.... I mean, I'm as close as I can be to these soldiers, but it's picking up about 10000000 entities at times, not just the 8 in my scene (not including the local player...). Here's a screenshot of the scene I'm working with:



Some are standing still, others walk around.

Even when I stand next to one, it doesn't seem to pick up on their location... :(
 

c5

Well it looks more like it now definitely. Follow the paths with ReClass as well and see what might cause the trouble. I think those + 4 and + 8 might actually be wrong. They might even be + 8 and + 0xC, but I am not sure as I don't have the game installed. Either way, do the same in ReClass, it helps you to visualize where you are walking off.
 

Tarolion

You sir, are a genius!


Thank you so much for your help. After this session I understand how memory should be read much better, and I have my radar working perfectly.

I just have a few offsets to find on things like unit side, etc. and I'm finished with the 2D radar.

I really can't thank you enough!

Give me a few days, and I'm going to try to write a guide for people like myself just getting through it, on how to use these things in code.


OK, so I discovered a problem with what I am doing in terms of using this radar: if I am on any map other than the virtual reality one, there are so many entities that the radar is covered in them.... xD Time to fix. xD
 