Solved How to find the entity list?


IzzyMichiel

Hello,

I've got it now, how to find my local player base, but for the triggerbot I want it to only shoot when it's from the other team and if the health is 0.
Now I can't find the entity base. Can someone help? (I don't want to dump the addresses, I just want to learn.)

Thanks
 

wolf22j

You do it the same way you got your local base. Shoot an enemy, search for decreased value, rinse, repeat. Then you can get the base from there by subtracting the same offsets you found for your local player's health. Example: dynamic health addr - health offset(s), then search for that value in hex format with a new scan and a static address or two will pop up. From there you can dissect that structure.
 

wolf22j

The offsets won't be directly off the base itself. One of those pointers will contain an entity or an entity list with more pointers. Here's an example using AssaultCube:

entity base structure : https://gyazo.com/c3554448a82d397a4df0d7e599360cd0
pointer at 00 opened from that base structure (this contains the pointers to all of the enemies): https://gyazo.com/9d228f398d54e892d6d7867b57cb3fb4
and then finally opening one of those pointers (which brings us to one of the enemies and all of their values): https://gyazo.com/fad4ca1b5f6964d4af6958421a618c99
 

Oneshot

The entitylist is the structure the localplayer is in.
This will be confusing when offline, because the entitybase points to your localplayer, because you are the first entity when offline.
Search for your own health like I do in this video: https://youtu.be/GfsmnQngUWk
Then, when you have pointer-scanned for your localplayer, you will get 4 results, and one of them will be to the entitylist.
Go online in insecure mode to an HvH server or some shit like that and you will see that one of the pointers changes. That's your entitylist.
 

IzzyMichiel

Okay, I will try that but how can I find it then in other games?
 

IzzyMichiel

Oneshot, btw, also about your tutorial on finding the player base: when you are checking the addresses you are checking the mflag, but why is it not good to just check which value is really changing??
 

Oneshot

I have a hard time understanding you, but I think you want to know why I can't just take whatever address the mflags are changing in?

If you take a look at those addresses, you will see that the asm that assigns the values doesn't use the base address, and that's why they can't be used. It would look like ebx[ecx+edc] or some shit like that.
And then we can't really see what's happening there. edc might hold the offset and we can check that, but these addresses I have found are often in a different space in memory.
To really find which one it is without any knowledge, you just need to use trial and error to get to the right one. But one thing I know is that it looks good when the asm that writes to the address uses edx[ebx+00000FC]; then I know it uses a hardcoded offset, and it uses that offset with the base ebx in that case, and it stores it in edx. And edx is our health address.
 

IzzyMichiel

Hello,

I don't mean it like that. I mean when you were filtering the good addresses out from the health, at minute 5:00.
You are looking only at the addresses that have that mflag = 257 ...
But I was doing it with the address which really changes them all. Why is that not the good one?
And in other games I guess you don't have the mflag.

You understand a bit more?
 

IzzyMichiel

Also look at 1:20

... Why do you think it's not good? And what do you need to do in other games?
Oneshot
 

Oneshot

It's mostly trial and error, this part. It's not a good one because it doesn't have the mflags. You can check them all if you want to and see if they are usable in some way, but you want to find the one that has everything and that is assigned by a base address and offset, like this: edx[ebx+00000FC]. That's the only rule.

The goal is to find a pointer to the base of the struct, and that's what we are doing. And we need to check if it's the right struct. And how do we do that? We have to reverse them all and see if they are usable.
 

IzzyMichiel

Okay, so if I want to do this in another game, like in the future, it's just trying out which is working and which is not? There is not really a right and not right?
 