Solved tut on reversing "C_BaseAnimating::SetupBones"


BeesKnees

Coder
Full Member
Nobleman
Jul 24, 2013
124
1,973
3
For the past 3 months I've been looking for a solution to this on every hack forum I can find, and I've done almost all of these: https://thelegendofrandom.com/blog/sample-page.
and still no luck. I don't want to be GIVEN the offset itself, I want to LEARN how to find it.
Post a paypal address with your tut and be my fuckin savior. I'll even add credits to your name IN EVERY FUTURE POST I MAKE.
Please help.
 

dude719

Newbie
Full Member
Nov 1, 2013
6
1,958
1
Okay it's really simple.

Search in the client module for this referenced text string:
C++:
C_BaseAnimating::SetupBones
You will end up in this function:



This function is the C_BaseAnimating::SetupBones function, the one you are looking for obviously. How do I know it's obvious? Well, just take a look in the SDK @ the file c_baseanimating.cpp:



See the similarities?

Now that you're in the function you want to be in take note of the EDI register. That register is the C_BaseEntity class.

If you scroll down you'll see these sets of instructions:
C++:
.text:101C1B4E loc_101C1B4E:                           ; CODE XREF: sub_101C18F0+257j
.text:101C1B4E                 mov     dword ptr [edi+0A78h], 0
.text:101C1B58                 mov     dword ptr [edi+0A7Ch], 0
.text:101C1B62                 movss   dword ptr [edi+0CF4h], xmm0


What you're probably looking for is the bone matrix if I'm not mistaken. That is at
C++:
edi + 0xA78
To be 100% certain, let's take a look in ReClass:



Those look like proper values for bone positions alright!

If you're worried about not finding it next update then make a sig :)

C++:
\xC7\x87\x00\x00\x00\x00\x00\x00\x00\x00\xC7\x87\x00\x00\x00\x00\x00\x00\x00\x00\xF3\x0F\x11\x87\x00\x00\x00\x00\x8B\x87 
xx????????xx????????xxxx????xx
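
How the signature and mask above are applied, as an added example that is not part of the original posts: a masked byte match run over a constructed buffer, hand-encoded from the three instructions in the listing. The padding bytes and the disp32 after `8B 87` are made up for the sample.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Signature and mask as posted: 'x' = byte must match, '?' = any byte. */
static const uint8_t SIG[] =
    "\xC7\x87\x00\x00\x00\x00\x00\x00\x00\x00"
    "\xC7\x87\x00\x00\x00\x00\x00\x00\x00\x00"
    "\xF3\x0F\x11\x87\x00\x00\x00\x00\x8B\x87";
static const char MASK[] = "xx????????xx????????xxxx????xx";

/* Constructed bytes: the three instructions from the listing, encoded by hand. */
static const uint8_t SAMPLE[] = {
    0x90, 0x90, 0x90,                                /* padding (constructed) */
    0xC7, 0x87, 0x78, 0x0A, 0x00, 0x00, 0, 0, 0, 0,  /* mov [edi+0A78h], 0 */
    0xC7, 0x87, 0x7C, 0x0A, 0x00, 0x00, 0, 0, 0, 0,  /* mov [edi+0A7Ch], 0 */
    0xF3, 0x0F, 0x11, 0x87, 0xF4, 0x0C, 0x00, 0x00,  /* movss [edi+0CF4h], xmm0 */
    0x8B, 0x87, 0x00, 0x00, 0x00, 0x00               /* 8B 87 + constructed disp32 */
};

/* Offset of the first masked match in buf, or -1 if there is none. */
long sig_find(const uint8_t *buf, size_t len)
{
    size_t n = strlen(MASK);
    for (size_t i = 0; i + n <= len; i++) {
        size_t j = 0;
        while (j < n && (MASK[j] == '?' || buf[i + j] == SIG[j]))
            j++;
        if (j == n)
            return (long)i;
    }
    return -1;
}

/* disp32 of the first mov: the four little-endian bytes after C7 87. */
long first_disp(const uint8_t *buf, size_t len)
{
    long at = sig_find(buf, len);
    if (at < 0)
        return -1;
    const uint8_t *p = buf + at + 2;
    return (long)(p[0] | (p[1] << 8) | (p[2] << 16) | ((uint32_t)p[3] << 24));
}

int main(void)
{
    printf("match at +%ld, disp32 = 0x%lX\n", sig_find(SAMPLE, sizeof SAMPLE),
           (unsigned long)first_disp(SAMPLE, sizeof SAMPLE));
    return 0;
}
```

Because the displacement and immediate bytes sit under `?`, the match still succeeds when those bytes differ, while a change to any opcode or ModRM byte under `x` makes it fail.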
 

squeenie

Hacker
Meme Tier VIP
Dank Tier Donator
Mar 6, 2013
677
5,478
37
Beautiful post
 

BeesKnees

Coder
Full Member
Nobleman
Jul 24, 2013
124
1,973
3
Thanks so much for your time, I knew the registers would be needed but my issue was setting a breakpoint to see them because of the anti debugger at the beginning :/
 

BeesKnees

Coder
Full Member
Nobleman
Jul 24, 2013
124
1,973
3
I rly appreciate your time but still no luck.

For one I'm using olly (IDA is a huge mindfuck to me)
2: I can't set a breakpoint and restart cs to see it because it's either packed or anti-debugger
3. I can't see previously used registers that have already been changed
 

dude719

Newbie
Full Member
Nov 1, 2013
6
1,958
1
That shouldn't matter, all you have to do is search for this:
C++:
C_BaseAnimating::SetupBones
1: Run the game you're hacking (CSS or CSGO, I'm not really sure which one you're trying to hack)
2: Open OllyDBG

3: Attach to the process you're hacking. File -> Attach

4: Select the client.dll module. Alt + E to open module window.

5: Search for all the referenced text strings in the module. Right click -> Search for -> All referenced text strings

6: Once the window opens, right click and press Search for text

7: Type C_BaseAnimating::SetupBones in the text box, then press okay

8: Search for next until you find the right string

9: We found it! Now double click the string reference

10: We will be jumped to the string's location. We are now in the SetupBones function!

11: Remember that EDI is the C_BaseEntity class. Scroll down and see this

12: EDI + 0xA78 is our bone matrix pointer! So that means Player + 0xA78 should be the bone matrix for every player!
 

Liduen

Hacker
Dank Tier VIP
May 19, 2013
702
8,478
33
Holy shit this was explained VERY precisely!
You should write tutorials more often definitely!! :)
 

BluhhBluhhTom

Newbie
Full Member
May 29, 2016
12
88
0
Hey, I know this is an old post but I'm having trouble finding this for Garry's Mod and I'm wondering if CSS and Garry's Mod both use EDI? Or does Garry's Mod use something different I should be looking for?
Thanks :)
 