Solved Internal hack reading whole structure


Darth Revan

Newbie
Full Member
Oct 21, 2015
Alright, so earlier I asked in the chat: "If I want to read a value internally, let's say an int (4 bytes), from the address (BaseAddress + 0x13B1CF0), is this how it would be done: int EBX = (int)(BaseAddress + 0x13B1CF0); ?".

And mambda being the awesome and helpful dude he is, answered:
  • int whatever = *(int*)( memory location );
  • the logic behind that is a memory location is a pointer to a value
  • so you dereference the pointer to get the value

So after understanding it, I added it to my C++ hack and it worked great. I then went on to do it with my Entity structure, and that did not work so great... So I'm wondering, would anything be different when reading a custom type/structure, or is there something wrong with the structure I have (although there shouldn't be)?


Here's my reading:
C++:
//Get player
Entity Player = *(Entity*)(EBX + BaseAddress + 0x7CEA0);
Here's my structure:
C++:
class Entity
{
	public:
		/*Entity();
		~Entity();*/

		D3DVECTOR Position; //0x0000 
		D3DVECTOR MiniMapPosition; //0x000C 
		D3DVECTOR MovementSpeed; //0x0018 
		D3DVECTOR SomethingView0; //0x0024 
		D3DVECTOR SomethingView1; //0x0030 
		D3DVECTOR SomethingView2; //0x003C 
		__int32 Team; //0x0048 
		__int32 Class; //0x004C 
		__int32 MovingForward; //0x0050 
		__int32 MovingBackward; //0x0054 
		__int32 MovingLeft; //0x0058 
		__int32 MovingRight; //0x005C 
		__int32 SomethingAlways0; //0x0060 
		__int32 IsDucking; //0x0064 
		__int32 SomethingAlways00; //0x0068 
		__int32 IsSprinting; //0x006C 
		__int32 IsLeftButtonDown; //0x0070 
		__int32 IsAiming; //0x0074 
		__int32 Tool; //0x0078 
		__int32 BlockColor; //0x007C 
		__int32 IsAlive; //0x0080 
		__int32 SomethingAlwaysOne; //0x0084 
		__int32 IsInAir; //0x0088 
		__int32 IsInWater; //0x008C 
		__int32 Kills; //0x0090 
		__int32 Blocks; //0x0094 
		__int32 Ammo; //0x0098 
		__int32 MaxAmmo; //0x009C 
		__int32 Grenades; //0x00A0 
		__int32 Health; //0x00A4 
		float LeftButtonCounter; //0x00A8 
		float RightButtonCounter; //0x00AC 
		char pad_0x00B0[0x4]; //0x00B0
		float ReloadCounter; //0x00B4 
		float MovementLevelCounter; //0x00B8 
		float MovementUpCounter; //0x00BC 
		float DeathCounter; //0x00C0 
		__int32 N0000006D; //0x00C4 
		__int32 N00000033; //0x00C8 
		__int32 N00000034; //0x00CC 
		__int32 N00000035; //0x00D0 
		__int32 N00000036; //0x00D4 
		__int32 SetTo1AfterDying0; //0x00D8 
		__int32 SetTo1AfterDying1; //0x00DC 
		__int32 SetTo1AfterDying2; //0x00E0 
		__int32 Index; //0x00E4 
		__int32 N0000003B; //0x00E8 
		__int32 N0000003C; //0x00EC 
		__int32 N0000003D; //0x00F0 
		char Name[60]; //0x00F4 
};//Size=0x0130
 

Rake

Cesspool Admin
Administrator
Jan 21, 2014
create an array or a vector of playerObject pointers and assign each element to each player object using a loop
 

till0sch

Respected Hacker
Dank Tier VIP
Dank Tier Donator
Oct 14, 2012
C++:
//Get player
Entity Player = *(Entity*)(EBX + BaseAddress + 0x7CEA0);
C++:
Entity* Me = (Entity*)(EBX+BaseAddress+0x7CEA0);
Me->Position = ...
This'd be it. Otherwise what didn't work exactly?
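Taking the two reading styles in this thread side by side (the whole-struct copy from the first post and till0sch's pointer), here is an added example that is not code from the thread: it overlays the Entity layout on a constructed stand-in for the game's memory, checks the commented offsets at compile time with static_assert, and shows how a copy and a pointer behave differently once the game updates a field. D3DVECTOR as three floats, int32_t in place of the MSVC-only __int32, and the byte pads that replace the fields not read here are assumptions; the offsets and the 0x130 size are the ones posted above.

```cpp
// Added example, not the thread's code: the Entity layout from the first post
// overlaid on a constructed stand-in for the game's memory.
// Assumptions: D3DVECTOR is three floats (12 bytes, as in d3d9types.h); the
// thread's MSVC-only __int32 is written as int32_t; fields this example does
// not read are collapsed into byte pads so every offset stays identical.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>

struct D3DVECTOR { float x, y, z; };           // assumed definition, 12 bytes

struct Entity {
    D3DVECTOR Position;                // 0x0000
    uint8_t   pad_000C[0x48 - 0x0C];   // 0x000C  the five remaining vectors
    int32_t   Team;                    // 0x0048
    int32_t   Class;                   // 0x004C
    uint8_t   pad_0050[0x98 - 0x50];   // 0x0050  movement/state ints up to Blocks
    int32_t   Ammo;                    // 0x0098
    int32_t   MaxAmmo;                 // 0x009C
    int32_t   Grenades;                // 0x00A0
    int32_t   Health;                  // 0x00A4
    uint8_t   pad_00A8[0xE4 - 0xA8];   // 0x00A8  counters and unknown ints
    int32_t   Index;                   // 0x00E4
    uint8_t   pad_00E8[0xF4 - 0xE8];   // 0x00E8  three unknown ints
    char      Name[60];                // 0x00F4
};                                     // Size = 0x0130

// "Check your padding": if any pad is off by a byte this fails to compile,
// instead of the struct silently reading zeros from the wrong field.
static_assert(sizeof(D3DVECTOR) == 0x0C, "D3DVECTOR must be 12 bytes");
static_assert(offsetof(Entity, Team)   == 0x48, "Team offset");
static_assert(offsetof(Entity, Ammo)   == 0x98, "Ammo offset");
static_assert(offsetof(Entity, Health) == 0xA4, "Health offset");
static_assert(offsetof(Entity, Index)  == 0xE4, "Index offset");
static_assert(offsetof(Entity, Name)   == 0xF4, "Name offset");
static_assert(sizeof(Entity) == 0x130, "Entity size");

// Constructed stand-in for the entity the game owns. The code below only ever
// reaches it through its numeric address, mirroring the thread's situation.
static Entity g_gameEntity;

// Write a raw 32-bit value at a byte offset, the way the game engine would.
static void pokeI32(uintptr_t address, size_t offset, int32_t v) {
    std::memcpy(reinterpret_cast<uint8_t*>(address) + offset, &v, sizeof v);
}

// Style 1 (till0sch's reply): keep a pointer; every field access reads live memory.
Entity* liveView(uintptr_t address) { return reinterpret_cast<Entity*>(address); }

// Style 2 (the first post): copy all 0x130 bytes once. The copy is a snapshot
// and never changes afterwards. memcpy keeps this well-defined for any buffer.
Entity snapshot(uintptr_t address) {
    Entity e;
    std::memcpy(&e, reinterpret_cast<const void*>(address), sizeof e);
    return e;
}

struct Readings { int32_t liveBefore, snapBefore, liveAfter, snapAfter; };

// Both styles agree at the moment of the read; only the live view follows the
// game's later update. Returns all four values so the outcome can be checked.
Readings compareStyles() {
    std::memset(&g_gameEntity, 0, sizeof g_gameEntity);
    uintptr_t address = reinterpret_cast<uintptr_t>(&g_gameEntity);
    pokeI32(address, 0x98, 30);    // Ammo   (constructed value)
    pokeI32(address, 0xA4, 100);   // Health (constructed value)

    Entity* live = liveView(address);
    Entity  snap = snapshot(address);
    Readings r{live->Ammo, snap.Ammo, 0, 0};

    pokeI32(address, 0x98, 29);    // the "game" fires one round
    r.liveAfter = live->Ammo;
    r.snapAfter = snap.Ammo;
    return r;
}

int main() {
    Readings r = compareStyles();
    std::printf("live: %d -> %d, snapshot: %d -> %d\n",
                r.liveBefore, r.liveAfter, r.snapBefore, r.snapAfter);
    return 0;
}
```

The two styles are equivalent at the instant of the read, which is why switching between them does not change a wrong value into a right one; if a field reads 0 in both, the address or the layout is what to re-check, and the static_asserts cover the layout half of that.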
 

Darth Revan

Newbie
Full Member
Oct 21, 2015
till0sch said:
C++:
Entity* Me = (Entity*)(EBX+BaseAddress+0x7CEA0);
Me->Position = ...
This'd be it. Otherwise what didn't work exactly?
Yeah, I tried that too. Forgot to mention that. Although, please correct me if I'm wrong, I'm a total C++ noob, but aren't those two ways of doing it essentially the same? I'm just trying to understand the concept.

What didn't work was I wanted to print the player's ammo clip; the value in game is 30, while what is printed is 0.
 

Rake

Cesspool Admin
Administrator
Jan 21, 2014
Try this:
C++:
Entity * Player = (Entity*)(EBX + BaseAddress + 0x7CEA0);
And what is EBX?
 

Darth Revan

Newbie
Full Member
Oct 21, 2015
Rake;37987 said:
Try this:
C++:
Entity * Player = (Entity*)(EBX + BaseAddress + 0x7CEA0);
And what is EBX?
EBX is, from what I can gather (with my measly reversing skills), a random value: could be 6, could be 25, could be 10. The value is then multiplied with 3A8, and that value used with the BaseAddress + offset will give one the player info. I have no idea what it actually means in connection to the player. I tried to find out, but I was led to the assembly code: "push es". I don't know how to proceed from there. I'll give it another try, record it and then later post it, because it sure would be nice to actually know what its meaning is.

I'm still having no luck getting the ammo clip or other player info when trying to read the whole entity structure, using the suggested methods.
 

mambda

headass
Escobar Tier VIP
Trump Tier Donator
Jun 25, 2014
Push es = push extra segment ( specific segment, like cs for code segment, ds for data segment, not really important atm )

EBX from what I can gather seems to be player index, multiplied by the distance between players in some list. 0x3A8.

Are you meant to dereference after BaseAddress + Offset? Or is it one continuous thing?
 

Darth Revan

Newbie
Full Member
Oct 21, 2015
mambda said:
Push es = push extra segment ( specific segment, like cs for code segment, ds for data segment, not really important atm )

EBX from what I can gather seems to be player index, multiplied by the distance between players in some list. 0x3A8.

Are you meant to dereference after BaseAddress + Offset? Or is it one continuous thing?
Yes exactly, but what then? How do I continue from that?

That would make sense, but I don't think it is, because if I go into a server that's empty, I'm listed in the scoreboard as #0, and EBX is still these random values.

I'm not quite sure what you mean with "are you meant to dereference after BaseAddress + Offset?". I know what dereferencing is, but I'm not quite sure what you are asking.
 

mambda

headass
Escobar Tier VIP
Trump Tier Donator
Jun 25, 2014
What I'm asking is, are you sure to get to player # 1 you do : BaseAddress + Offset + RandomNumber * 0x3A8

or do you BaseAddress+Offset, dereference that, then add RandomNumber * 0x3A8 to get your player ?

Edit : I'm going to bed so just go through the motions checking your padding in the struct, ensure you get your EBX value properly ( is that the value before or after it's been multiplied by 0x3A8? ) if all else fails, just get back to reversing :p

Gl m8
 
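To make mambda's two addressing models and Rake's earlier "array of player objects" concrete, here is an added example that is not code from the thread, run against a constructed stand-in for the target's address space. Addresses are simulated 32-bit values relative to an invented module base of 0x00400000; the 0x7CEA0 offset, the 0x3A8 stride, the 0x130 entity size and the Ammo/Health field offsets are the thread's, and the per-player ammo values are made up. It reads player i's Ammo three ways: as one continuous expression, as a pointer chain, and with the stride a plain Entity array would use.

```cpp
// Added example, not the thread's code: the two addressing models mambda asks
// about, plus Rake's "array of players", run against a constructed stand-in
// for the target's address space. Addresses are simulated 32-bit values
// relative to a made-up module base so the example runs anywhere.
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

constexpr uint32_t kBaseAddress  = 0x00400000;  // simulated module base (constructed)
constexpr uint32_t kPlayerOffset = 0x7CEA0;     // from the thread
constexpr uint32_t kPlayerStride = 0x3A8;       // distance between players, per the thread
constexpr uint32_t kEntitySize   = 0x130;       // sizeof(Entity) for the thread's struct
constexpr uint32_t kAmmoOffset   = 0x98;        // Entity::Ammo
constexpr uint32_t kHealthOffset = 0xA4;        // Entity::Health
constexpr uint32_t kPlayerCount  = 4;

// The arena stands in for the game's memory: byte index = address - kBaseAddress.
// Every access is bounds-checked, which is the check a reader needs before it
// dereferences an address computed from game state it does not control.
struct FakeProcess {
    std::vector<uint8_t> mem;
    explicit FakeProcess(size_t size) : mem(size, 0) {}

    bool inBounds(uint32_t addr, size_t len) const {
        if (addr < kBaseAddress) return false;
        size_t idx = addr - kBaseAddress;
        return idx + len <= mem.size();
    }
    bool read32(uint32_t addr, uint32_t& out) const {
        if (!inBounds(addr, 4)) return false;
        std::memcpy(&out, &mem[addr - kBaseAddress], 4);
        return true;
    }
    bool write32(uint32_t addr, uint32_t v) {
        if (!inBounds(addr, 4)) return false;
        std::memcpy(&mem[addr - kBaseAddress], &v, 4);
        return true;
    }
};

constexpr int32_t kAmmoTable[kPlayerCount] = {30, 25, 12, 7};  // constructed clip sizes

// Fill kPlayerCount player slots, 0x3A8 bytes apart, starting at listAddr.
static void fillPlayers(FakeProcess& p, uint32_t listAddr) {
    for (uint32_t i = 0; i < kPlayerCount; ++i) {
        uint32_t slot = listAddr + i * kPlayerStride;
        p.write32(slot + kAmmoOffset, static_cast<uint32_t>(kAmmoTable[i]));
        p.write32(slot + kHealthOffset, 100);
    }
}

// Layout A: the player list starts right at BaseAddress + Offset.
FakeProcess buildInlineLayout() {
    FakeProcess p(kPlayerOffset + kPlayerCount * kPlayerStride);
    fillPlayers(p, kBaseAddress + kPlayerOffset);
    return p;
}

// Layout B: BaseAddress + Offset holds a pointer to the list, which lives elsewhere.
FakeProcess buildPointerLayout() {
    constexpr uint32_t kListAddr = kBaseAddress + 0x00100000;   // constructed location
    FakeProcess p(0x00100000 + kPlayerCount * kPlayerStride);
    p.write32(kBaseAddress + kPlayerOffset, kListAddr);
    fillPlayers(p, kListAddr);
    return p;
}

// Model 1, "one continuous thing": BaseAddress + Offset + i * 0x3A8 + field.
bool ammoDirect(const FakeProcess& p, uint32_t i, int32_t& ammo) {
    uint32_t v = 0;
    if (!p.read32(kBaseAddress + kPlayerOffset + i * kPlayerStride + kAmmoOffset, v)) return false;
    ammo = static_cast<int32_t>(v);
    return true;
}

// Model 2, pointer chain: dereference BaseAddress + Offset, then step i * 0x3A8.
bool ammoViaPointer(const FakeProcess& p, uint32_t i, int32_t& ammo) {
    uint32_t listAddr = 0;
    if (!p.read32(kBaseAddress + kPlayerOffset, listAddr)) return false;
    if (listAddr == 0) return false;         // null list pointer: nothing to read yet
    uint32_t v = 0;
    if (!p.read32(listAddr + i * kPlayerStride + kAmmoOffset, v)) return false;
    ammo = static_cast<int32_t>(v);
    return true;
}

// What `Entity* players = ...; players[i].Ammo` does when the real stride is
// 0x3A8: pointer arithmetic steps by sizeof(Entity) = 0x130, so i > 0 lands
// inside the wrong slot. An array of per-player pointers, each assigned with
// the true stride (Rake's suggestion), does not have this problem.
bool ammoWrongStride(const FakeProcess& p, uint32_t i, int32_t& ammo) {
    uint32_t v = 0;
    if (!p.read32(kBaseAddress + kPlayerOffset + i * kEntitySize + kAmmoOffset, v)) return false;
    ammo = static_cast<int32_t>(v);
    return true;
}

int main() {
    FakeProcess inl = buildInlineLayout(), ptr = buildPointerLayout();
    int32_t a = -1;
    std::printf("inline/direct p2: %s %d\n", ammoDirect(inl, 2, a) ? "ok" : "fail", a);
    std::printf("inline/pointer p2: %s\n", ammoViaPointer(inl, 2, a) ? "ok" : "fail");
    std::printf("inline/0x130 p1: %s %d\n", ammoWrongStride(inl, 1, a) ? "ok" : "fail", a);
    std::printf("pointer/pointer p2: %s %d\n", ammoViaPointer(ptr, 2, a) ? "ok" : "fail", a);
    return 0;
}
```

Applying the wrong model to the right memory does not crash here; it returns a plausible-looking 0 or a null-pointer failure, which is why a reader that validates each address and reports a failed read separately from a zero value is easier to debug than a bare dereference.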

Rake

Cesspool Admin
Administrator
Jan 21, 2014
If you're talking about the EBX register that will change thousands of times per second, the only time you can really reference it is by hooking a function and using inline ASM to grab EBX before it is changed by another instruction.

Nice work so far, a couple more days of confusion and you'll get it :p
 

Darth Revan

Newbie
Full Member
Oct 21, 2015
mambda said:
What I'm asking is, are you sure to get to player # 1 you do : BaseAddress + Offset + RandomNumber * 0x3A8

or do you BaseAddress+Offset, dereference that, then add RandomNumber * 0x3A8 to get your player ?

Edit : I'm going to bed so just go through the motions checking your padding in the struct, ensure you get your EBX value properly ( is that the value before or after it's been multiplied by 0x3A8? ) if all else fails, just get back to reversing :p

Gl m8
Oh yes, I'm quite sure. By doing: RandomNumber * 0x3A8 + BaseAddress + Offset, I can get stuff like Ammo, Health, etc.

Went through the entity structure again, and it's the same. Only thing that happened was that I was able to decipher some other values and give them proper names/data types.

Rake;38000 said:
If you're talking about the EBX register that will change thousands of times per second, the only time you can really reference it is by hooking a function and using inline ASM to grab EBX before it is changed by another instruction.

Nice work so far, a couple more days of confusion and you'll get it :p
No no, I just couldn't think of a better name.

Thanks for the comforting words :p

How do you guys read e.g. player/enemy info (name, health, etc.), each thing on its own or the whole thing?
 

mambda

headass
Escobar Tier VIP
Trump Tier Donator
Jun 25, 2014
Depends on the purpose. If I only need one player, why read all of them?

If i need multiple players that are right after each other then just read it as an array.
 