[Not Source]Counter-Strike: Source Offline Aimbot

[lilneo]

I lied, this is a source code. Here, I noobproofed it too.
(It's offline only - it checks for bots instead of players. Not hard to change
And it works as of 12/6/2010 and it's still buggy with aiming at who you want it to, and it doesn't exactly check visiblity since that was lagging and sometimes it wouldn't work. Uhmmm, inject it, and hit insert to turn on/off

main.cpp

Code:

#include <string>
#include <cmath>
#include <iostream>
#include "sdk.h"

using namespace std;

#undef GetAsyncKeyState
#undef GetCursorPos

bool hack;
QAngle angles;
bool EnemyVisible;
C_BaseEntity *Target;

/* Returns a specified column from a matrix3x4_t */
Vector MatrixColumn(const matrix3x4_t &Matrix, int Column)
{
	return Vector(Matrix[0][Column], Matrix[1][Column], Matrix[2][Column]);
}

/* Returns a Vector of a bone; NOTE: Will return Vector() if it cannot get the bone, NOT SAFE */
bool GetBonePositions(IClientEntity* Entity, int Bone, Vector &vBone)
{
    matrix3x4_t Matrix[128];
    if(Bone < 0 || Bone >= 20 || !Entity || Entity->IsDormant() || !Entity->SetupBones(Matrix, 128, 0x00000100, 0))
        return false;

    vBone = MatrixColumn(Matrix[Bone], 3);

    return true;
}

DWORD *HookVFunc(DWORD *vtable, int index, DWORD *newFunction)
{
	DWORD dwOldProt, *oldFunc;
	VirtualProtect(&vtable[index], 4, PAGE_EXECUTE_READWRITE, &dwOldProt);
	oldFunc=(DWORD*)vtable[index];
	vtable[index]=(DWORD)newFunction;
	VirtualProtect(&vtable[index], 4, dwOldProt, &dwOldProt);
	return oldFunc;
}

void (__stdcall *oHudUpdate)(bool);

void _stdcall xHudUpdate(bool bActive)
{
	double DistHolder[1024];
	C_BaseEntity *EntHolder[1024];

	memset(DistHolder, 0, sizeof(DistHolder));
	memset(EntHolder, 0, sizeof(EntHolder));

	double Distance = 0;
	C_BaseEntity* ClosestTarget;
	bool EnemyVisible = false;
	Vector Predict;
	Predict.Init(0,0,0);
	trace_t Trace;
	Ray_t Ray;
	Ray.Init(0, 0);
	double smallestp;
	double smallesty;
	double Distance2 = 0;
	double Last;
	QAngle aimangles;
	aimangles.Init(0,0,0);

	matrix3x4_t Matrix[128];
	matrix3x4_t pBoneToWorld;
	Vector num;
	num.Init();
	HANDLE hnd = GetStdHandle(STD_OUTPUT_HANDLE);

	QAngle angleholder;
	angleholder.Init();
	QAngle Botangles;
	Botangles.Init(0,0,0);

	Vector vectorholder;
	vectorholder.Init();

	IClientEntity* MyEnt = NULL;
	IClientEntity* EnemyEnt = NULL;
	C_BaseEntity* MyBaseEnt = NULL;
	C_BaseEntity* EnemyBaseEnt = NULL;
	C_BaseEntity* Target = NULL;

	Vector playpos;
	playpos.Init(0,0,0);

	Vector playpos2;
	playpos2.Init(0,0,0);

	double xdist = 0;
	double ydist = 0;
	double zdist = 0;
	double xang = 0;
	double yang = 0;

	angles.x=0;
	angles.y=0;
	angles.z=0;

	if(GetAsyncKeyState(VK_INSERT)&1)
	{
		hack=!hack;
		if(hack && pEngineClient->IsInGame())
		{
			ConMsg(0,"Aimbot turned on\n");
			WriteText(hnd,"Aimbot turned on");
			pEngineClient->SetRestrictClientCommands(false);
			pEngineClient->ClientCmd("sv_cheats 1;r_visualizetraces 1");
		}
		if(!hack)
		{
			ConMsg(0,"Aimbot turned off\n");
			WriteText(hnd,"Aimbot turned off");
			pEngineClient->ClientCmd("r_visualizetraces 0");
		}
	}

	if(!pEngineClient->IsInGame() && hack)
	{
		hack=false;
		WriteText(hnd,"Out of game or dead, aimbot turned off");
	}

	if(!hack)
	{
		Target=NULL;
		MyEnt=NULL;
		MyBaseEnt=NULL;
		EnemyEnt=NULL;
	}
	else
	if(hack)
	{
		EnemyVisible = false;
		playpos2.Init(0,0,0);
		if(pEngineClient->IsInGame())
		{
			ClosestTarget=NULL;
			Target=NULL;
			MyEnt=NULL;
			MyBaseEnt=NULL;
			EnemyEnt=NULL;
			EnemyBaseEnt=NULL;
			Distance = 0;
			Distance2 = 0;
			
			for(int i=2;i<=EntList->NumberOfEntities(true);i++)
			{
				EnemyEnt = EntList->GetClientEntity(i);
				MyEnt = EntList->GetClientEntity(1);
				MyBaseEnt = (C_BaseEntity*)MyEnt;
				EnemyVisible = false;
				if(EnemyEnt!=NULL)
				{
					EnemyBaseEnt = (C_BaseEntity*)EnemyEnt;
					if(EnemyBaseEnt->IsBot())
					{
						if(EnemyBaseEnt->GetTeamNumber() != MyBaseEnt->GetTeamNumber())
						{
							WriteText(hnd,"Target found");

							if(GetBonePositions((IClientEntity*)EnemyBaseEnt,14,playpos2)){}
							if(GetBonePositions((IClientEntity*)MyBaseEnt,14,playpos)){}

							ClosestTarget = EnemyBaseEnt;
							
							if(ClosestTarget==NULL)
								continue;
											
							xdist = playpos2.x-playpos.x;
							ydist = playpos2.y-playpos.y;
							zdist = playpos2.z-playpos.z;

							if(xdist<0)
							{
								yang = ((atan(ydist/xdist)*57.29578)+180);
							}
							if(xdist>0)
							{
								yang = (atan(ydist/xdist)*57.29578);
							}

							xang = (atan(zdist/dist(playpos.x,playpos.y,playpos2.x,playpos2.y))*-57.29578);

							angles.Init(xang,yang,0);

							aimangles = MyBaseEnt->GetAbsAngles();
							Botangles.Init(xang,yang,0);

							smallestp = abs(aimangles.x-Botangles.x);
							smallesty = abs(aimangles.y-Botangles.y);

							Distance2 = smallestp+smallesty;

							if(i==2)
							{
								Target = ClosestTarget;
								Distance = Distance2;
							}

							if(Distance2<Distance)
							{
								Distance = Distance2;
								Target = ClosestTarget;
							}

							if(GetBonePositions((IClientEntity*)Target,14,playpos2)){}
							if(GetBonePositions((IClientEntity*)MyBaseEnt,14,playpos)){}

							xdist = playpos2.x-playpos.x;
							ydist = playpos2.y-playpos.y;
							zdist = playpos2.z-playpos.z;

							if(xdist<0)
							{
								yang = ((atan(ydist/xdist)*57.29578)+180);
							}
							if(xdist>0)
							{
								yang = (atan(ydist/xdist)*57.29578);
							}

							xang = (atan(zdist/dist(playpos.x,playpos.y,playpos2.x,playpos2.y))*-57.29578);
													
							angles.Init(xang,yang,0);
							Ray.Init(playpos,playpos2);
							Tracer->TraceRay(Ray,MASK_SHOT,0,&Trace);
						}
					}
				}
				else
				if(EnemyEnt==NULL && i==EntList->NumberOfEntities(true))
				{
					break;
				}
			}
			if(GetAsyncKeyState(VK_LBUTTON)) //Aimbot core code
			{
				if (playpos2.x+playpos2.y!=0)
				{
					WriteText(hnd,"Target is Visible");
					pEngineClient->SetViewAngles(angles);
					WriteText(hnd,"Aiming...");
				}
			}
		}
	}
	oHudUpdate(bActive);
}


int MainThread()
{
	AllocConsole();
	HANDLE hnd = GetStdHandle(STD_OUTPUT_HANDLE);

	while(!GetModuleHandle("engine.dll"))
	{
		Sleep(100);
	}
	WriteText(hnd,"Engine.dll module found");
	//IVEngineClient
	CreateInterfaceFn pEngInt = (CreateInterfaceFn)GetProcAddress(GetModuleHandle("engine.dll"), "CreateInterface");
	pEngineClient = (IVEngineClient *)pEngInt(VENGINE_CLIENT_INTERFACE_VERSION,NULL);

	//IEngineTrace
	CreateInterfaceFn TraceInt = (CreateInterfaceFn)GetProcAddress(GetModuleHandle("engine.dll"),"CreateInterface");
	Tracer = (IEngineTrace *)TraceInt(INTERFACEVERSION_ENGINETRACE_CLIENT,NULL);
	while(!GetModuleHandle("gameui.dll"))
	{
		Sleep(100);
	}
	WriteText(hnd,"gameui.dll module found");

	//IGameConsole
	CreateInterfaceFn ConCreateInterface = (CreateInterfaceFn)GetProcAddress(GetModuleHandle("gameui.dll"), "CreateInterface");
	g_pIGameConsole = (IGameConsole *)ConCreateInterface(GAMECONSOLE_INTERFACE_VERSION, NULL);
	while(!GetModuleHandle("client.dll"))
	{
		Sleep(100);
	}
	WriteText(hnd,"client.dll module found");

	//IClientEntityList
	CreateInterfaceFn EntListInt = (CreateInterfaceFn)GetProcAddress(GetModuleHandle("client.dll"), "CreateInterface");
	EntList = (IClientEntityList *)EntListInt(VCLIENTENTITYLIST_INTERFACE_VERSION, NULL);

	//IBaseClientDLL
	CreateInterfaceFn IBaseInt = (CreateInterfaceFn)GetProcAddress(GetModuleHandle("client.dll"),"CreateInterface");
	HudUpdateHook = (DWORD *)IBaseInt(CLIENT_DLL_INTERFACE_VERSION,NULL);
	oHudUpdate = (void (__stdcall *)(bool))HookVFunc(*(DWORD**)HudUpdateHook, 9,(DWORD*) &xHudUpdate);

	if(pEngineClient == NULL || g_pIGameConsole == NULL || EntList == NULL)
	{
		MessageBox(0,"Error","Error",0);
		return 0;
	}
	while(!pEngineClient->Con_IsVisible())
	{
		g_pIGameConsole->Show();
	}
	g_pIGameConsole->Clear();
	ConMsg(0,"------------------------------\n| CSS Offline Aimbot Loaded  |\n------------------------------\n\n");

	while(1) //main aimbot loop
	{
		Sleep(50);
	}
}


BOOL WINAPI DllMain( HINSTANCE hinstDLL, DWORD dwReason, LPVOID lpReserved )
{
	if( dwReason == DLL_PROCESS_ATTACH )
	{
		CreateThread( NULL, NULL, (LPTHREAD_START_ROUTINE)MainThread, NULL, NULL, NULL);
	}
	return TRUE;
}

Output_text.h

Code:

#include <string>
#include <windows.h>
#include <sstream>
#include "Cbase.h"

template<typename T>std::string ToString(const T& value){
   stringstream ccout;
   ccout << value;
   return ccout.str();
} 

void WriteText(HANDLE hnd,std::string text)
{
	text += "\n";
	WriteFile(hnd,text.c_str(),text.length(),0,0);
}

double dist(double x1,double y1, double x2, double y2)
{
	double sqr = (x1-x2)*(x1-x2);
	double sqr2 = (y1-y2)*(y1-y2);
	double added = sqr + sqr2;

	return sqrt(added);
}

sdk.h

Code:

#pragma once

#include <windows.h>
#include "tier0/dbg.h"
#undef CreateThread
#include "interface.h"
#include "output_text.h"
#include "cbase.h"
#include "cdll_int.h"
#include "usercmd.h"
#include "networkvar.h"


#pragma once
class IGameConsole : public IBaseInterface
{
public:
    virtual void Show() = 0;
    virtual void Init() = 0;
    virtual void Hide() = 0;
    virtual void Clear() = 0;
    virtual bool IsShown() = 0;

    // ???
    virtual void UnknownA() = 0;
    virtual void UnknownB() = 0;
};

#define GAMECONSOLE_INTERFACE_VERSION "GameConsole004"

#define VENGINE_CLIENT_INTERFACE_VERSION "VEngineClient013"

IGameConsole *g_pIGameConsole=NULL;

IVEngineClient *pEngineClient = NULL;

IClientEntityList *EntList = NULL;

DWORD *HudUpdateHook = NULL;

IEngineTrace *Tracer = NULL;

CUserCmd *Cmd;

Please no flaming. This aimbot is shit, and I ditched it a while ago. But it does compile in msvc++ 2008 with the right settings (casual settings, nothing special)

And when it says you're missing like 5000000 header files, you're a n0b and you need to lrn2egnhook

Have fun

Also: SUPER special thanks to Hell_Demon (Westley) for teaching me to hook things. I really had no idea, but in this I hooked EndScene to make it execute every frame.

~lilneo

[X-Booster]

i am sorry but this code is simply ugly.

Good share tho?

[Hell_Demon]

i am sorry but this code is simply ugly.

Good share tho?

Who cares about 'ugly' code? :P He's not working for a paysite so if it works it's good.

[ғᴜᴋᴏᴊʀ]

Who cares about 'ugly' code? :P He's not working for a paysite so if it works it's good.

Ugly coding = beast

[lilneo]

i am sorry but this code is simply ugly.

Good share tho?

I didn't code it to be released, fucking deal with it or get out.

I could probably do 100x better but note I also learned ALL of that as I wrote it. And it works pretty damn good.
~lilneo

[kibbles18]

can you tell me what i should learn to be able to code an aimbot like this for another game? im decent with c++, i can modify addies and w/out c/p and i understand how it works, but i dont understand aimbots. what should i learn to do to make something like this for another game? thanks in advance.

[lilneo]

Learn engine hooking, I followed Hell_Demon's engine hooking tutorial to start it out, I hooked the engine and then he helped me hook EndScene (the thing in game that happens every step that updates stuff) so I could put my aimbot code in that.

Anyway, if you need some help with it you can add me up on msn and I can help you out.
~lilneo

[kibbles18]

check your email

[258456]

lilneo, i would take your email address off of your previous post, it's not safe to do this on a public site that has 500k+ people.

[kibbles18]

so the QAngles class is a class that holds your camera/crosshair position?
and where did you get C_BaseEntity from?

[lilneo]

lilneo, i would take your email address off of your previous post, it's not safe to do this on a public site that has 500k+ people.

I was planning to right after, I don't mind giving it out too much but yeah, HD if you wanna edit my post and take out my email that would be nice.

so the QAngles class is a class that holds your camera/crosshair position?
and where did you get C_BaseEntity from?

This is an engine hook, is uses the game's source code (obtainable through steam) QAngle is the class of vector that valve has created. and C_BaseEntity is the BaseEntity class that a lot of different classes derive from.

~lilneo