def override(self):
self.appName = "Black Ops 2 ehf application"
self.isDryRun = False
self.isProfiling = False
self.targetAppName = "t6mp.exe"
self.targetAppWindowClass = "CoDBlackOps"
self.targetMemStart = 0x00401000
self.targetMemSize = 0x00F00000
self.keyMouseInputState = \
{
# hold type
"LMB":entity.KeyMouse("LMB", 0x01, 1, False),
"RMB":entity.KeyMouse("RMB", 0x02, 1, False),
# toggle type
"INSERT":entity.KeyMouse("INSERT", 0x2D, 0, False),
}
# application-only attributes!
self.vars = {
"refdef_width" : 0,
"refdef_height" : 0,
"fov_x" : 0.0,
"fov_y" : 0.0,
"viewOrigin" : ehfmaths.VECTOR(),
"viewAxis" : [ehfmaths.VECTOR]*3,
"viewAngle" : ehfmaths.VECTOR(),
"players" : [Player() for i in range(datastruct.PLAYERMAX)],
}
def _calculatePlayerScreenSize(self, player, height=60):
centerX = self.appVars["refdef_width"] / 2
centerY = self.appVars["refdef_height"] / 2
# not the real pos!!
_headPos = ehfmaths.VECTOR(player.pos.x, player.pos.y,
player.pos.z + height)
feet = ehfmaths.worldToScreen(self.appVars["fov_x"],
self.appVars["fov_y"], centerX, centerY,
self.appVars["viewAxis"][0],
self.appVars["viewAxis"][1],
self.appVars["viewAxis"][2],
self.appVars["viewOrigin"], player.pos)
head = ehfmaths.worldToScreen(self.appVars["fov_x"],
self.appVars["fov_y"], centerX, centerY,
self.appVars["viewAxis"][0],
self.appVars["viewAxis"][1],
self.appVars["viewAxis"][2],
self.appVars["viewOrigin"], _headPos)
sizeX, sizeY = 0, 0
if feet and head:
sizeY = feet.y - head.y
sizeX = sizeY / 2.75 # standing up
if sizeY < 10:
sizeY = 10
return (feet, head, sizeX, sizeY)
def __init__(self):
self.valid = 0
self.pos = None
self.newpos = None
self.oldpos = None
self.prev_pos = None
self.pitch = 0
self.yaw = 0
self.roll = 0
self.client_num = 0
self.type = 0
self.pose = 0
self.shooting = 0
self.zoomed = 0
self.weapon_num = 0
self.alive = 0
self.enemy = False
self.name = ""
self.team = 0
self.perk = 0
self.color_esp = 0
self.color_map = 0
self.motion = maths.VECTOR(
0, 0, 0) # motion vector of the player, in game units per second
self.entity = None
self.client_info = None
self.aimbot = True # this entity is eligible for aimbot
def __init__(self, idx):
self.idx = idx # index of entity object
self.startoflife = -1 # time_code when the entity was first tracked
self.endoflife = -1 # time_code when the object will not exist anymore
self.pos = maths.VECTOR() # position
self.yaw = 0
self.type = 0 # type of object (as in entity)
self.alive = 0 # alive attribute (as in entity)
self.weapon_num = 0 # weaponnum (as in entity)
self.model_name = "" # model name
self.planter = None # player who planted the explosive
self.enemy = True # is entity enemy?
# following attributes mimick player attributes to make it aimbotable
self.aimbot = False # not eligible for aimbot by dfault
self.valid = True
self.pose = 0 # standard standing
self.newpos = maths.VECTOR()
self.oldpos = maths.VECTOR()
def override(self):
self.appName = "cod4 ehf application"
self.isDryRun = False
self.isProfiling = False
self.targetAppName = "iw3mp.exe"
self.targetAppWindowClass = "CoD4"
self.targetMemStart = 0x00401000
self.targetMemSize = 0x00700000
self.keyMouseInputState = \
{
# hold type
"LMB":entity.KeyMouse("LMB", 0x01, 1, False),
"RMB":entity.KeyMouse("RMB", 0x02, 1, False),
# toggle type
"INSERT":entity.KeyMouse("INSERT", 0x2D, 0, False),
}
# application-only attributes!
self.vars = {
"refdef_width": 0,
"refdef_height": 0,
"fov_x": 0.0,
"fov_y": 0.0,
"viewOrigin": ehfmaths.VECTOR(),
"viewAxis": [ehfmaths.VECTOR] * 3,
"viewAngle": ehfmaths.VECTOR(),
"players": [Player() for i in range(datastruct.PLAYERMAX)],
}
# the window-drawing mode, options are: overlay and standard
self.windowMode = "standard"
# these values must be set if the windowMode is "standard"
self.stdOriginX = 200
self.stdOriginY = 200
self.stdResolutionX = 320
self.stdResolutionY = 200
def _run(self):
self.delayedInit()
# get primaryVars and vars repository
_vars = self._appAttr["AppInfo"].vars
_prmVars = self._appAttr["AppInfo"].primaryVars
# get a reference to the memory reader
mr = self._appAttr["MemoryReader"]
# game time (tick count)
_ptr = win32types.DWORD()
mr._rpm(self.gameTimeAddress, _ptr, 4)
_vars["GameTime"] = _ptr.value
self._appAttr["AppInfo"].displayTextList.append( (0, "%s"%_ptr.value ) )
# -------------- get the client player manager from context -----------------
_ptr = win32types.DWORD()
mr._rpm(self.clientGameContext+0x30, _ptr, 4)
self.clientPlayerManager = _ptr.value
# ===========================================================================
# ----------- get the eastl vector object that holds ptrs --------------------
# [IMPORTANT]: this vector object is stored directly into the player manager
# rather than a pointer!!!
# [IMPORTANT]: the class listing from UC is out-dated, it said 0x98
self.eastlVectorClientPlayers = self.clientPlayerManager+0x9C
# ============================================================================
# -------------- get the player count and array address ----------------------------------------
_ptr = win32types.DWORD()
mr._rpm(self.eastlVectorClientPlayers, _ptr, 4)
self.ptrArrayClientPlayerAddress = _ptr.value
_ptr = win32types.DWORD()
mr._rpm(self.eastlVectorClientPlayers+0x4, _ptr, 4)
self.ptrArrayClientPlayerLastAddress = _ptr.value
self.playerCount = (self.ptrArrayClientPlayerLastAddress - self.ptrArrayClientPlayerAddress) / 4
# ==============================================================================================
# -------------- get the array of client player ptrs, NOTE THE DATA SIZE------------------------
mr._rpm(self.ptrArrayClientPlayerAddress, self.ptrArrayClientPlayer, datastruct.MAXPLAYER * 4)
# ==============================================================================================
# -------------- get local player (to differentiate enemy from team mate) ----------------------
_ptr = win32types.DWORD()
mr._rpm(self.clientPlayerManager+0xBC, _ptr, 4)
self.localPlayerAddress = _ptr.value
if self.localPlayerAddress:
_ptr = win32types.DWORD()
mr._rpm(self.localPlayerAddress+0x31C, _ptr, 4)
self.localPlayerTeamId = _ptr.value
_vars["localPlayerTeamId"] = self.localPlayerTeamId
_vars["localPlayerAddress"] = self.localPlayerAddress
# ==============================================================================================
# -------------- get view projection matrix ------------------
linearTransform = ehfmaths.CameraTransform()
mr._rpm(self.gameRenderer+0xDE0, linearTransform, 64)
# forward vector
forward = linearTransform.getForwardVect3()
# up vector
up = linearTransform.getUpVec3()
# right vector (the original VECTOR is actual LEFT-pointing!!!)
right = linearTransform.getRightVec3().scalar_mul(-1)
# trans vector
viewOrigin = linearTransform.getTransVect3()
# forward ==> right ; right = old_forward
# right ==> back ==> forward inverse; forward = inverse old_right
# up ==> up ; up = old_up
_vars["rightVec"] = right
_vars["upVec"] = up
_vars["forwardVec"] = forward
_vars["viewAxisX"] = _vars["rightVec"]
_vars["viewAxisY"] = _vars["upVec"]
_vars["viewAxisZ"] = _vars["forwardVec"]
_vars["viewOrigin"] = viewOrigin
# ============================================================
# -------------- get fovX/fovH, fovY/fovV (fovX >> fovY!) ---------------
_memValue = win32types.c_float()
mr._rpm(self.gameRenderer+0x48+0x50, _memValue, 4)
fovY = _memValue.value
_memValue = win32types.c_float()
mr._rpm(self.gameRenderer+0x1F0+0x50, _memValue, 4)
fovX = _memValue.value
_memValue = win32types.c_float()
mr._rpm(self.gameRenderer+0x54+0x50, _memValue, 4)
zf = _memValue.value
_memValue = win32types.c_float()
mr._rpm(self.gameRenderer+0x50+0x50, _memValue, 4)
zn = _memValue.value
_vars["fov_x"] = fovX
_vars["fov_y"] = fovY
_vars["zn"] = zn
_vars["zf"] = zf
# ============================================================
# check if it's in the dry-run mode - in this mode all the soldier
# data are pre-generated mock-ups
if self._application._dryRun:
for idx in range(1):
_vars["players"][idx].setPosition(ehfmaths_types.VECTOR4(56.0, 34.0, 100.0, 1.0))
_vars["players"][idx].setTeamId(1)
_vars["players"][idx].setAddress(0x1337)
self._appAttr["AppInfo"].displayTextList.append((0, "Dry-run mode"))
return
# TODO: [IMPORTANT] forget about the MAXPLAYER constant, compute the player count on the fly!!!
count = 0
for idx in range(self.playerCount):
_vars["players"][idx].initialise()
# get each client player object's address
clientPlayer = self.ptrArrayClientPlayer.arr[idx]
if not clientPlayer:
continue
playerName = ''
playerTeamId = 0x0
clientSoldierEntity = 0x0
clientSoldierEntity_sub4 = 0x0
replicatedController = 0x0
clientSoldierPosition = ehfmaths.VECTOR()
poseType = 0x0
yaw = 0.0
# ----------------- get name -------------------
# check if the string object is invalid
_ptr = win32types.DWORD()
mr._rpm(clientPlayer+0x10, _ptr, 4)
#if not _ptr.value:
# continue
# read c char array from the string object
_string = ctypes.create_string_buffer(16)
mr._rpm(_ptr.value, _string, 16)
#if not len(_string.value ):
# continue
playerName = _string.value
_ptr = win32types.DWORD()
mr._rpm(clientPlayer+0x31C, _ptr, 4)
playerTeamId = _ptr.value
# ==============================================
# --------------- get client solder entity ---------------------
_weakptr = win32types.DWORD()
_weakptr_sub4 = win32types.DWORD()
# this seems to be some "ghost" soldier entity, it will be a valid
# ptr as soon as the player dies
# [IMPORTANT]: the class listing from UC is out-dated! it said 3BC
mr._rpm(clientPlayer+0x3C4, _weakptr, 4)
# this seems to be the in-battle soldier entity!
mr._rpm(clientPlayer+0x3C4-0x4, _weakptr_sub4, 4)
clientSoldierEntity = _weakptr.value
clientSoldierEntity_sub4 = _weakptr_sub4.value
# ==============================================================
# --------------- get client soldider position ! ------------------
if clientSoldierEntity_sub4:
_ptr = win32types.DWORD()
mr._rpm(clientSoldierEntity_sub4, _ptr, 4)
cse = _ptr.value
# get replicatedController
_ptr = win32types.DWORD()
mr._rpm(cse+0x24C, _ptr, 4) # Mar 2013 patch, 0x23C -> 0x24C
replicatedController = _ptr.value
# get position vec3 (vec4 in the memory) object+0x10
mr._rpm(replicatedController+0x10, clientSoldierPosition, 12)
# get the pose type object+0x5c
# _varible = win32types.DWORD()
# mr._rpm(replicatedController+0x5C, _varible, 4)
# poseType = _varible.value
# get the yaw value, read from CharacterPhysicsEntity: soldierEntity+0x74
# _ptr = win32types.DWORD()
# mr._rpm(cse+0x74, _ptr, 4)
# characterPhysicsEntity = _ptr.value
# _variable = win32types.c_float()
# if characterPhysicsEntity > 10000:
# mr._rpm(characterPhysicsEntity+0x38, _varible, 4)
# yaw = _varible.value
# ==================================================================
_vars["players"][idx].setPosition(clientSoldierPosition)
_vars["players"][idx].setTeamId(playerTeamId)
_vars["players"][idx].setAddress(clientPlayer)
_vars["players"][idx].setPoseType(poseType)
_vars["players"][idx].setYaw(yaw)
if clientPlayer == self.localPlayerAddress:
_vars["viewOrigin"] = clientSoldierPosition.toPyVector3()
_vars["viewOrigingPoseType"] = poseType
_vars["viewOriginYaw"] = yaw
# for debug purpose:
# _prmVars["pc"] = self.localPlayerAddress
# _prmVars["pcRc"] = replicatedController
# _prmVars["pcCse"] = cse
count += 1
self._appAttr["AppInfo"].displayTextList.append(
(0, "player count: %d, total: %d" % (count, self.playerCount))
)