学习技术联系微信:i-xiaodi 备用微信:Binary_uncle_-学技术网
学习技术联系微信:i-xiaodi 备用微信:Binary_uncle_-学技术网
学习技术联系微信:i-xiaodi 备用微信:Binary_uncle_-学技术网
学习技术联系微信:i-xiaodi 备用微信:Binary_uncle_

CS1.6自动瞄准aimbot源码C/C++

小迪xiaodi老师等级-LV5-学技术网3个月前发布
560

前言

很久前拿来做课件的代码,拿出来分享给大家,编译可用

代码

main.cpp

#define _CRT_SECURE_NO_WARNINGS

#include <Windows.h>
#include <sstream>
#include <iostream>
#include <math.h>
#include "ProcessHack.h"
#include <vector>
#include <algorithm>

CHackProcess fProcess;

using namespace std;


int NumOfPlayers = NULL;//除自己外人物数量

const DWORD dw_PlayerCount = 0x162CB0;//mp.dll 房间人物数据数量模块指针 0x54:本阵营人物数量 0x58:敌人阵营人物数量

const DWORD dw_Player_Base = 0x25069BC;//人物指针

const DWORD dw_myteaOffset = 0x5F73E4;//队伍判断

const DWORD dw_health = 0x1e0;//血量指针

const DWORD dw_pos = 0x88;//人物坐标X指针

const DWORD EntityPlayer_Base = 0x97260;//amxmodx 房间人物模型数组地址1   地址偏移0x230

const DWORD EntityPlayerTeamOffsets = 0x130;//房间模型阵营判断指针

const DWORD EntityLoopDistance = 0x230;//敌人地址偏移量

const DWORD dw_angRotation = 0x2DE10C4;//鼠标Y坐标  Y = X - 4

//自己结构
struct MyPlayer_t
{
	DWORD CLocalPlayer;
	int Team;
	float Health;
	float Position[3];
	DWORD TeamNumAdd;
	int myTeamNum;
	int EntityTeamNum;
	
	void ReadInformation()
	{
		//读取人物地址(第一套人物地址:25069BC)
		//ReadProcessMemory(fProcess.__HandleProcess, (PBYTE*)(0x25069BC), &CLocalPlayer, sizeof(DWORD), 0);

		//读出【自己amxmod】模型基地址
		ReadProcessMemory(fProcess.__HandleProcess, (PBYTE*)(fProcess.__dwordamxmodx + 0x97030), &CLocalPlayer, sizeof(DWORD), 0);
		//读取人物血量
		ReadProcessMemory(fProcess.__HandleProcess, (PBYTE*)(CLocalPlayer + dw_health), &Health, sizeof(float), 0);
		//读取人物坐标
		ReadProcessMemory(fProcess.__HandleProcess, (PBYTE*)(CLocalPlayer + dw_pos), &Position, sizeof(float[3]), 0);
		//读取房间人物数量地址
		ReadProcessMemory(fProcess.__HandleProcess, (PBYTE*)(fProcess.__dwordmp + dw_PlayerCount), &TeamNumAdd, sizeof(DWORD), 0);
		//读出本阵营人数
		ReadProcessMemory(fProcess.__HandleProcess, (PBYTE*)(TeamNumAdd + (0x54)), &myTeamNum, sizeof(int), 0);
		//读出敌人阵营人数
		ReadProcessMemory(fProcess.__HandleProcess, (PBYTE*)(TeamNumAdd + (0x58)), &EntityTeamNum, sizeof(int), 0);
		//取出遍历人物的数量
		//ReadProcessMemory(fProcess.__HandleProcess, (PBYTE*)(fProcess.__dwordamxmodx + 0x96184), &NumOfPlayers, sizeof(DWORD), 0);


		NumOfPlayers = (myTeamNum - 1) + EntityTeamNum;
		//读Team
		ReadProcessMemory(fProcess.__HandleProcess, (PBYTE*)(fProcess.__dwordhl + dw_myteaOffset), &Team, sizeof(int), 0);
		//取出敌人数量
		//ReadProcessMemory(fProcess.__HandleProcess, (PBYTE*)(CNumoftarget + (0x58)), &NumOfPlayers, sizeof(int), 0);


	}
}MyPlayer;

//距离转换<->D3D坐标转换
struct TargetList_t
{
	float Distance;
	float AimbotAngle[3];

	TargetList_t()
	{
	}

	TargetList_t(float aimbotAngle[], float myCoords[], float enemyCoords[])
	{
		//获取敌人到我的距离
		Distance = Get3dDistance(myCoords[0], myCoords[1], myCoords[2],
			enemyCoords[0], enemyCoords[1], enemyCoords[2]);

		AimbotAngle[0] = aimbotAngle[0];
		AimbotAngle[1] = aimbotAngle[1];
		AimbotAngle[2] = aimbotAngle[2];
	}
	//D3D距离转换
	float Get3dDistance(float myCoordsX, float myCoordsZ, float myCoordsY,
						float enX, float enZ, float enY)
	{
		return sqrt(
			pow(double(enX - myCoordsX), 2.0) +
			pow(double(enY - myCoordsY), 2.0) +
			pow(double(enZ - myCoordsZ), 2.0));
	}
};

//其他人数据结构
struct PlayerList_t
{
	DWORD CbaseEntity;
	int Team;
	float Health;
	float Position[3];
	float AimbotAngle[3];

	void ReadInformation(int player)
	{
		//读出模型基地址
		ReadProcessMemory(fProcess.__HandleProcess, (PBYTE*)(fProcess.__dwordamxmodx + (EntityPlayer_Base + (player * EntityLoopDistance))), &CbaseEntity, sizeof(DWORD), 0);
		//读取敌人血量
		ReadProcessMemory(fProcess.__HandleProcess, (PBYTE*)(CbaseEntity + dw_health), &Health, sizeof(float), 0);
		//读取敌人坐标
		ReadProcessMemory(fProcess.__HandleProcess, (PBYTE*)(CbaseEntity + dw_pos), &Position, sizeof(float[3]), 0);
		//读敌人阵营
		ReadProcessMemory(fProcess.__HandleProcess, (PBYTE*)(fProcess.__dwordamxmodx + (EntityPlayer_Base + (player * EntityLoopDistance) + EntityPlayerTeamOffsets)), &Team, sizeof(int), 0);
	}
}PlayerList[32];

//比较敌人距离
struct CompaerTatgetEnArry
{
	bool operator()(TargetList_t & lhs, TargetList_t & rhs)
	{
		return lhs.Distance < rhs.Distance;
	}
};

//世界坐标转换屏幕坐标
void CalcAngle(float *src, float *dst, float *angles)
{
	double delta[3] = { (src[0] - dst[0]), (src[1] - dst[1]), (src[2] - dst[2]) };
	double hyp = sqrt(delta[0] * delta[0] + delta[1] * delta[1]);
	angles[0] = (float)((asinf(delta[2] / hyp)) * 57.295779513082f);
	angles[1] = (float)((atanf(delta[1] / delta[0])) * 57.295779513082f);
	angles[2] = 0.0f;

	if (delta[0] >= 0.0)
	{
		angles[1] += 180.0f;
	}

}


//自瞄
void Aimbot()
{
	TargetList_t *TargetList = new TargetList_t[NumOfPlayers];
	int targetLoop = 0;

	for (int i = 0; i < NumOfPlayers; i++)
	{
		//读出敌人数据
		PlayerList[i].ReadInformation(i);

		//判断阵营
		if (PlayerList[i].Team == MyPlayer.Team)
			continue;
		//判断是否死亡
		if (PlayerList[i].Health < 2)
			continue;

		CalcAngle(MyPlayer.Position, PlayerList[i].Position, PlayerList[i].AimbotAngle);

		TargetList[targetLoop] = TargetList_t(PlayerList[i].AimbotAngle, MyPlayer.Position, PlayerList[i].Position);

		targetLoop++;
	}
	
	if (targetLoop>0)
	{
		std::sort(TargetList, TargetList + targetLoop, CompaerTatgetEnArry());
		if (!GetAsyncKeyState(VK_RBUTTON))
		{
			WriteProcessMemory(fProcess.__HandleProcess, (PBYTE*)dw_angRotation, TargetList[0].AimbotAngle, 12, 0);
		}

	}


	targetLoop = 0;

	delete[] TargetList;
}


int main()
{
	fProcess.RunProcess();
	cout << "微信i-xiaodi教大家自己制作自瞄-----> 自瞄开启!" << endl;

	SetConsoleTitle("CS1.6自瞄  鼠标右键取消瞄准   F6关闭程序     ");

	while (!GetAsyncKeyState(VK_F6))
	{
		MyPlayer.ReadInformation();
		if (MyPlayer.myTeamNum >= 1)//判断是否在游戏
		{
			Aimbot();
			//Sleep(10);
		}
		else
		{
			Sleep(10);
		}
	}
}

ProcessHack.h

#pragma once

#include <Windows.h>
#include <TlHelp32.h>

class CHackProcess
{
public:

	PROCESSENTRY32 __gameProcess;
	HANDLE __HandleProcess;
	HWND __HWNDCss;
	DWORD __dwordamxmodx;
	DWORD __dwordmp;
	DWORD __dwordhl;
	//DWORD __dwordVGui;
	//DWORD __dwordLibCef;
	//DWORD __dwordSteam;
	DWORD FindProcessName(const char *__ProcessName, PROCESSENTRY32 *pEntry)
	{
		PROCESSENTRY32 __ProcessEntry;
		__ProcessEntry.dwSize = sizeof(PROCESSENTRY32);
		HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
		if (hSnapshot == INVALID_HANDLE_VALUE) return 0;        if (!Process32First(hSnapshot, &__ProcessEntry))
		{
			CloseHandle(hSnapshot);
			return 0;
		}
		do{
			if (!_strcmpi(__ProcessEntry.szExeFile, __ProcessName))
			{
				memcpy((void *)pEntry, (void *)&__ProcessEntry, sizeof(PROCESSENTRY32));
				CloseHandle(hSnapshot);
				return __ProcessEntry.th32ProcessID;
			}
		} while (Process32Next(hSnapshot, &__ProcessEntry));
		CloseHandle(hSnapshot);
		return 0;
	}


	DWORD getThreadByProcess(DWORD __DwordProcess)
	{
		THREADENTRY32 __ThreadEntry;
		__ThreadEntry.dwSize = sizeof(THREADENTRY32);
		HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
		if (hSnapshot == INVALID_HANDLE_VALUE) return 0;

		if (!Thread32First(hSnapshot, &__ThreadEntry)) { CloseHandle(hSnapshot); return 0; }

		do {
			if (__ThreadEntry.th32OwnerProcessID == __DwordProcess)
			{
				CloseHandle(hSnapshot);
				return __ThreadEntry.th32ThreadID;
			}
		} while (Thread32Next(hSnapshot, &__ThreadEntry));
		CloseHandle(hSnapshot);
		return 0;
	}

	DWORD GetModuleNamePointer(LPSTR LPSTRModuleName, DWORD __DwordProcessId)
	{
		MODULEENTRY32 lpModuleEntry = { 0 };
		HANDLE hSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, __DwordProcessId);
		if (!hSnapShot)
			return NULL;
		lpModuleEntry.dwSize = sizeof(lpModuleEntry);
		BOOL __RunModule = Module32First(hSnapShot, &lpModuleEntry);
		while (__RunModule)
		{
			if (!strcmp(lpModuleEntry.szModule, LPSTRModuleName))
			{
				CloseHandle(hSnapShot);
				return (DWORD)lpModuleEntry.modBaseAddr;
			}
			__RunModule = Module32Next(hSnapShot, &lpModuleEntry);
		}
		CloseHandle(hSnapShot);
		return NULL;
	}


	void runSetDebugPrivs()
	{
		HANDLE __HandleProcess = GetCurrentProcess(), __HandleToken;
		TOKEN_PRIVILEGES priv;
		LUID __LUID;
		OpenProcessToken(__HandleProcess, TOKEN_ADJUST_PRIVILEGES, &__HandleToken);
		LookupPrivilegeValue(0, "seDebugPrivilege", &__LUID);
		priv.PrivilegeCount = 1;
		priv.Privileges[0].Luid = __LUID;
		priv.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
		AdjustTokenPrivileges(__HandleToken, false, &priv, 0, 0, 0);
		CloseHandle(__HandleToken);
		CloseHandle(__HandleProcess);
	}



	void RunProcess()
	{
		//commented lines are for non steam versions of the game
		runSetDebugPrivs();
		while (!FindProcessName("hl.exe", &__gameProcess)) Sleep(100);
		while (!(getThreadByProcess(__gameProcess.th32ProcessID))) Sleep(100);
		__HandleProcess = OpenProcess(PROCESS_ALL_ACCESS, false, __gameProcess.th32ProcessID);
		while (__dwordamxmodx == 0x0) __dwordamxmodx = GetModuleNamePointer("amxmodx_mm.dll", __gameProcess.th32ProcessID);
		while (__dwordmp == 0x0) __dwordmp = GetModuleNamePointer("mp.dll", __gameProcess.th32ProcessID);
		while(__dwordhl == 0x0) __dwordhl = GetModuleNamePointer("hl.exe", __gameProcess.th32ProcessID);
		__HWNDCss = FindWindow(NULL, "Counter-Strike");
	}
};

extern CHackProcess fProcess;
评分
欢迎为Ta评分
赞赏
分享
请登录后发表评论

    没有回复内容

分享
C/C++编程社区-学技术网

C/C++编程社区

C/C++编程交流
发布
帖子
19
互动
126
阅读
2088
小迪xiaodi老师的头像-学技术网全站终身黑卡VIP
实战通杀64位int3异常VEH HOOK+特征码二改软件标题+界面文字代码
VEH HOOK硬断+winspool.drv劫持注入C/C++实战案例源码
CS1.6原创D3D方框透视、射线、显血源码C/C++
小迪老师C/C++多线程原创抓包工具开源
生死狙击方框透视自动瞄准源码C/C++
发布文章发布帖子
扫码添加微信-学技术网
在手机上浏览此页面
zibll子比主题
邀请注册
邀请注册送技术课程活动暂未开启,请关注群内通知
查看详情