Superkill, CharacterHitBox

**freshall** · 12-26-2021

How to get real-time access to the hitbox?
at the moment I'm doing it like this:
СPlayer -> CharacterFX ->CharacterHitBox
I know the structure of CPlayer, CharacterFX,
but I do not know the structure of CharacterHitBox

I found this in some thread:

Code:

for (int i = 0; i < pPlayer->pCharacterFx->nBones; i++)
{ 
    pPlayer->pCharacterFx->pHitBox[i]->Radius = { 150.0f, 150.0f, 150.0f }; //x y z
}

can someone give me this structure? (pHitBox[i]->Radius)
and I need information on how to find in the structure of CharacterFX -> nBones

**St.Bandera** · 12-26-2021

Originally Posted by freshall

How to get real-time access to the hitbox?
at the moment I'm doing it like this:
СPlayer -> CharacterFX ->CharacterHitBox
I know the structure of CPlayer, CharacterFX,
but I do not know the structure of CharacterHitBox

I found this in some thread:

Code:

for (int i = 0; i < pPlayer->pCharacterFx->nBones; i++)
{ 
    pPlayer->pCharacterFx->pHitBox[i]->Radius = { 150.0f, 150.0f, 150.0f }; //x y z
}

can someone give me this structure? (pHitBox[i]->Radius)
and I need information on how to find in the structure of CharacterFX -> nBones

AOB HitBox : 55 8B EC 83 EC 10 57 8B F9 8B 57 20 8B 02 89 45 FC 3B C2 74 66 56 8B 70 14 85 F6 74 4D FF 76 0C E8 ?? ?? ?? ?? F3 0F 10 4D 08 8D 55 F0 (CShell.dll 32)

**akbargain** · 12-26-2021

Charhitbox has it's own ModelInstance class. If you can find it, you'll see that it has ModelInstance RTTI.
Once you can loop thru it, use SetObjDims to modify the float.

tip: the pointer that holds the HitboxObject vector/ array/ loop is just a little bit below Charhitbox rtti. Also, the pointer doesn't have RTTI/class name. It looks innocent and doesn't want to call attention haha. inside that pointer, there's a lot of pointer that directs you to a another one and so on, get in that pointer then search thru pointers inside it.

tip: if you can find the Dimension Enlarger then reverse/patch function so that you can manipulate the node ID and value while it's looping.

tip: the best solution is to reverse the dimension enlarger to fully understand it (understand how the loop works) then make your own function to loop thru the pointer.

tip: Dimension Enlarger uses the float below the Charhitbox (1.0f is usually the default value and it's near the value 29 or 30.)
Also, the fn looks like this -> sub_blabla(charhitboxPointerHere, floatvalue here);

tip: Dimension Enlarger instruction has SetObjDims call. Just search the SOD function's address in cshell module.

tip: the loop structure is so much alike CAIObject (at least in my region, idk about the other versions). So if you know how CIAObject loop works then this should be a piece of cake.

goodluck!

**freshall** · 12-26-2021

Originally Posted by St.Bandera

AOB HitBox : 55 8B EC 83 EC 10 57 8B F9 8B 57 20 8B 02 89 45 FC 3B C2 74 66 56 8B 70 14 85 F6 74 4D FF 76 0C E8 ?? ?? ?? ?? F3 0F 10 4D 08 8D 55 F0 (CShell.dll 32)

thanks for this aob, I found the address

do you have an example of using this? (code)?

upd: do you have aob for x64 cf?

Originally Posted by akbargain

Charhitbox has it's own ModelInstance class. If you can find it, you'll see that it has ModelInstance RTTI.
Once you can loop thru it, use SetObjDims to modify the float.

tip: the pointer that holds the HitboxObject vector/ array/ loop is just a little bit below Charhitbox rtti. Also, the pointer doesn't have RTTI/class name. It looks innocent and doesn't want to call attention haha. inside that pointer, there's a lot of pointer that directs you to a another one and so on, get in that pointer then search thru pointers inside it.

tip: if you can find the Dimension Enlarger then reverse/patch function so that you can manipulate the node ID and value while it's looping.

tip: the best solution is to reverse the dimension enlarger to fully understand it (understand how the loop works) then make your own function to loop thru the pointer.

tip: Dimension Enlarger uses the float below the Charhitbox (1.0f is usually the default value and it's near the value 29 or 30.)
Also, the fn looks like this -> sub_blabla(charhitboxPointerHere, floatvalue here);

tip: Dimension Enlarger instruction has SetObjDims call. Just search the SOD function's address in cshell module.

tip: the loop structure is so much alike CAIObject (at least in my region, idk about the other versions). So if you know how CIAObject loop works then this should be a piece of cake.

goodluck!

thanks for the information

**Anger5K** · 12-27-2021

Code:

EnlargeAndSetDims Aob (x64): 48 ?? ?? ?? ?? 57 48 ?? ?? ?? 48 ?? ?? ?? 48 8B F9 0F ?? ?? ?? ?? 0F ?? ?? 48 ?? ?? 48 ?? ?? 0F 84 ?? ?? ?? ??

Code:

how use: target->pCharactherFx->GetCharacterHitBox()->EnlargeAndSetDims(6.0f);

**freshall** · 12-28-2021

Originally Posted by Anger5K

Code:

EnlargeAndSetDims Aob (x64): 48 ?? ?? ?? ?? 57 48 ?? ?? ?? 48 ?? ?? ?? 48 8B F9 0F ?? ?? ?? ?? 0F ?? ?? 48 ?? ?? 48 ?? ?? 0F 84 ?? ?? ?? ??

Code:

how use: target->pCharactherFx->GetCharacterHitBox()->EnlargeAndSetDims(6.0f);

I understand correctly that the structures should look like this:

Code:

struct CCharacterHitBox
{
	//???????????
}; //Size: 0x0000

GetCharacterHitBox() = CCharacterHitBox

struct cLTCharacterFX
{
	char pad_0000[1376]; //0x0000
	int8_t isDead; //0x0560
	char pad_0561[31]; //0x0561
	CCharacterHitBox* pCharaterHitbox; //0x0580
};

pCharactherFx = cLTCharacterFX

struct CPlayer
{
	char pad_0000[24]; //0x0000
	cLTCharacterFX* pCharacFX; //0x0018
};

can I learn more about the structure of the EnlargeAndSetDims?

and how do I use the address I found using aob? ( __int64 __fastcall sub_CB8C60(__int64 a1, float a2) )

**dreek1** · 12-28-2021

Code:

struct cLTCharacterFX
{
	char pad_0000[1376]; //0x0000
	int8_t isDead; //0x0560
	char pad_0561[31]; //0x0561
	CCharacterHitBox* pCharaterHitbox; //0x0580
};

pCharactherFx = cLTCharacterFX

struct CPlayer
{
	char pad_0000[24]; //0x0000
	cLTCharacterFX* pCharacFX; //0x0018
};

void __fastcall EnlargeAndSetDims(CCharacterHitBox* pCCharacterHitBox, float fScale) {
	using EnlargeAndSetDimsFn = void(__fastcall*)(CCharacterHitBox*, float);

	return reinterpret_cast<EnlargeAndSetDimsFn>((DWORD64)(Pointers::get()->getCShell() + ADDR_EnlargeAndSetDimsFn))(pCCharacterHitBox,fScale);
}

EnlargeAndSetDims(CPlayer->CharacFX->pCharacterHitBox, 6.0f);

**Anger5K** · 12-29-2021

Originally Posted by freshall

I understand correctly that the structures should look like this:

Code:

struct CCharacterHitBox
{
	//???????????
}; //Size: 0x0000

GetCharacterHitBox() = CCharacterHitBox

struct cLTCharacterFX
{
	char pad_0000[1376]; //0x0000
	int8_t isDead; //0x0560
	char pad_0561[31]; //0x0561
	CCharacterHitBox* pCharaterHitbox; //0x0580
};

pCharactherFx = cLTCharacterFX

struct CPlayer
{
	char pad_0000[24]; //0x0000
	cLTCharacterFX* pCharacFX; //0x0018
};

can I learn more about the structure of the EnlargeAndSetDims?

and how do I use the address I found using aob? ( __int64 __fastcall sub_CB8C60(__int64 a1, float a2) )

Code:

class CharacterHitBox
{
public:
	void EnlargeAndSetDims(float fMultiplier)
	{
		typedef __int64(__fastcall* EnlargeAndSetDimsFn)(void*, float);
		EnlargeAndSetDimsFn((uint64_t)GetModuleHandle("CShell_x64.dll") + 0x00)(this, fMultiplier);
	}
};

**freshall** · 12-29-2021

Originally Posted by Anger5K

Code:

class CharacterHitBox
{
public:
	void EnlargeAndSetDims(float fMultiplier)
	{
		typedef __int64(__fastcall* EnlargeAndSetDimsFn)(void*, float);
		EnlargeAndSetDimsFn((uint64_t)GetModuleHandle("CShell_x64.dll") + 0x00)(this, fMultiplier);
	}
};

what address should I take?

https://prnt.sc/2559ued

note:
if I take cshell_x64.dll + 0x1233380 I get this result:
https://prnt.sc/255dxno

if I take cshell_x64.dll + 0xCB8C60 I get crash game

**St.Bandera** · 12-30-2021

Naydi v telege crosscheat i svyagis so mnoy!

**freshall** · 12-31-2021

Originally Posted by Anger5K

Code:

class CharacterHitBox
{
public:
	void EnlargeAndSetDims(float fMultiplier)
	{
		typedef __int64(__fastcall* EnlargeAndSetDimsFn)(void*, float);
		EnlargeAndSetDimsFn((uint64_t)GetModuleHandle("CShell_x64.dll") + 0x00)(this, fMultiplier);
	}
};

Originally Posted by freshall

what address should I take?

https://prnt.sc/2559ued

note:
if I take cshell_x64.dll + 0x1233380 I get this result:
https://prnt.sc/255dxno

if I take cshell_x64.dll + 0xCB8C60 I get crash game

Anger5K, I need your help

**Anger5K** · 12-31-2021

Originally Posted by freshall

Anger5K, I need your help

hmmmm show me full source code

**freshall** · 12-31-2021

Originally Posted by Anger5K

Code:

class CharacterHitBox
{
public:
	void EnlargeAndSetDims(float fMultiplier)
	{
		typedef __int64(__fastcall* EnlargeAndSetDimsFn)(void*, float);
		EnlargeAndSetDimsFn((uint64_t)GetModuleHandle("CShell_x64.dll") + 0x00)(this, fMultiplier);
	}
};

Originally Posted by freshall

what address should I take?

https://prnt.sc/2559ued

note:
if I take cshell_x64.dll + 0x1233380 I get this result:
https://prnt.sc/255dxno

if I take cshell_x64.dll + 0xCB8C60 I get crash game

Originally Posted by Anger5K

hmmmm show me full source code

Code:

struct CCharacterHitBox
{

	void EnlargeAndSetDims(float fMultiplier)
	{
		typedef __int64(__fastcall* EnlargeAndSetDimsFn)(void*, float);
		EnlargeAndSetDimsFn((uint64_t)GetModuleHandle("CShell_x64.dll") + 0xCB8C60)(this, fMultiplier);
	}

	//???????????
}; //Size: 0x0000

struct cLTCharacterFX
{
	char pad_0000[1376]; //0x0000
	int8_t isDead; //0x0560
	char pad_0561[31]; //0x0561
	CCharacterHitBox* pCharaterHitbox; //0x0580
};


struct Player {
	PlayerModel* Object;//0x0000
	int8_t clientID; //0x0008
	int8_t team; //0x0009
	char name[14]; //0x000A
	cLTCharacterFX* pCharacFX; //0x0018
	int32_t iIndexOnScoreBoard; //0x0020
	int32_t bIsBot; //0x0024
	int32_t bHasC4; //0x0028
	int32_t bIsHost; //0x002C
	int64_t tRankType; //0x0030
	int64_t iUserID; //0x0038
	int32_t bIsObserver; //0x0040
	unsigned int health; //0x0044
	unsigned __int8 u8Kill; //0x0048
};
//
Player* pPlayer = GetPlayerByIndex(i);//(Player*)(CLT_SHELL + offsets::ENT_BEGIN + (i * offsets::PLAYER_SIZE_ENT));

pPlayer->pCharacFX->pCharaterHitbox->EnlargeAndSetDims(6.f);

**Anger5K** · 12-31-2021

Code:

	Player* me = GetPlayerByIndex(LTClientShell, gEngine->GetMyIndex());
	for (int i = 0; i < 16; i++)
	{
		Player* target = GetPlayerByIndex(LTClientShell, i);
		if (target != me) // exclude your lcoalplayer
		{
			if (gEngine->isValidPlayer(target)) // validated first then
			{
				if (target->TeamID != me->TeamID)// exclude your team 
				{
					pPlayer->pCharacFX->pCharaterHitbox->EnlargeAndSetDims(6.f);
				}

Enjoy!

**freshall** · 12-31-2021

Originally Posted by Anger5K

Code:

	Player* me = GetPlayerByIndex(LTClientShell, gEngine->GetMyIndex());
	for (int i = 0; i < 16; i++)
	{
		Player* target = GetPlayerByIndex(LTClientShell, i);
		if (target != me) // exclude your lcoalplayer
		{
			if (gEngine->isValidPlayer(target)) // validated first then
			{
				if (target->TeamID != me->TeamID)// exclude your team 
				{
					pPlayer->pCharacFX->pCharaterHitbox->EnlargeAndSetDims(6.f);
				}

Enjoy!

it's not working

Earlier I said that
if I take cshell_x64.dll + 0x1233380 I get this result:
https://prnt.sc/255dxno

if I take cshell_x64.dll + 0xCB8C60 I get crash game

so I asked which address exactly should I take
https://prnt.sc/2559ued

Thread: Superkill, CharacterHitBox

Thread Tools

Display

Superkill, CharacterHitBox

The Following User Says Thank You to Anger5K For This Useful Post:

Similar Threads

Como pegar address do SuperKill

SuperKill Versão Assembly

Como encontro o endereço do superkill?

SuperKill Address + Ajuda

[Release] CharacterHitBox Strut/ Info on Object.LTO