Aimbot Coding
This tutorial is not the way to make an universal aimbot for any game, just only one possible way
Tools needed :
- Favorite Memory Searcher (T-Search, Cheat Engine)
- C/C++ Compiler (e.g. VC++ )
- Game with FPS style view (This guide uses Delta Force Xtreme v1.6.5.0 )
A knowledge of the following subjects also helps :
- How memory is stored (understanding structures within a game)
- How to search for addresses
- Pointer searching to resolve DMA within out trainer
- A lot of time and patience, and some math knowledge including trigonometry and common sense
- A knowledge of C/C++
Right...to get started, I guess explaining the basis of how the aimbot will work is a good idea. I was thinking through a few different methods on how to do it, but was stumped on 1 bit for ages. It was obvious ( to me at least) that we would have to get the enemies position. But it was what to do with that which stumped me, I didn't know how to use that data to my advantage and set my crosshair onto it...then finally those years of math in school came into play.
What we do, is get our position by co-ordinates, in X,Y and Z (or East/West, North/South and Height), and the same for the enemy. With this, we can work out our relative angle between North (or a different point, which comes up later), our player, and the enemy. So in at the end of that, we get our angle to aim for (away from North) in order to look at the enemy. This is then used to set our rotational look onto the enemy. Then we do the same with the height (between a point which is straight ahead of us, our player, and the enemy) to get the angle we need to aim up/down.
I probably just nailed a few of your brain cells by trying to get you to understand that, but don't worry, hopefully it will all come out clearer in a bit. Now that’s most of the theory on how it works, time to get to actually doing it.
We have 3 blank functions:
GetMyPlayerData(void)
PLAYER_DATA GetPlayerData(BYTE PlayerNumber)
void SetCrosshairOnEnemy(BYTE PlayerNumber)
PLAYER_DATA? Yup, to make things tidier in my programming, I like to use some structs as well as functions. My PLAYER_DATA structure holds valuable information about a player. Such as:
typedef struct _PLAYER_DATA {
DWORD baseadd; // base address of this current player
DWORD coordEW; // East/West (X) co-ord
DWORD coordNS; // North/South (Y) co-ord
DWORD coordUD; // Up/Down (Z) co-ord
DWORD coordEWa; // The address of the players EW co-ord
DWORD coordNSa; // The address of the players NS co-ord
DWORD coordUDa; // The address of the players UD (up/down..wtf was i thinking when naming this) co-ord
DWORD lookX; // The players X-axis look (what will change if you move the mouse side to side)
DWORD lookY; // The players Y-axis look (what will change if you move the mouse forwards and backwards)
DWORD lookXa; // The address of the X look
DWORD lookYa; // The address of the Y look
DWORD namea; // The address of the current players name
char name; // Holds the current players name
} PLAYER_DATA;
I don't really know why I put all the addresses for everything in the struct, but hell, might come in use when making something one day. All the stuff in there will come to use when making our aimbot, so here's how to search for each of them (in DFX at least).
The easiest to start with is name, use Artmoney's Text search
Co-ords:
NS - Move north, search increased, move south, search decreased
EW - Move east, search increased, move west, search decreased
UD - Move up (a hill/ladder), search increased, move down, search decreased
LookX - Move mouse left/right, search has changed...set your search range to around the other addies to narrow search down (this value may be different to DFX. In DFX, 0 was east, and it increased as you went anti-clockwise until you got to just before east, which was 0xFFFFFFFF)
LookY - Move mouse forward/backward, search has changed
You should be able to get the player base address from near enough any of these, and a pointer to get it in game. I use 2 pointers, 1 which always points to player 0's (or 1, the 1st player in memory)'s base address, and 1 which always points to the base address of my player. Now we can modify the GetMyPlayerData and GetPlayerData functions to get us this info:
At the top of the C++, I define the bases:
#define mBase 0xBD63D8 // mBase = My Base, always holds my players base address
#define hBase 0xB0D228 // hBase = Host Base
PLAYER_DATA GetMyPlayerData(void)
{
PLAYER_DATA Player; // Create a blank PLAYER_DATA struct
ZeroMemory(&Player, sizeof(PLAYER_DATA)); // Initiate it all to 0
Peek((void*)mBase,(void*)&Player.baseadd,4); // Get our players Base Address from the pointer
// Get all the addies for everything...the 0x8, 0xC and shit are the offsets I found for DFX
Player.coordEWa = Player.baseadd + 0x8;
Player.coordNSa = Player.baseadd + 0xC;
Player.coordUDa = Player.baseadd + 0x10;
Player.lookXa = Player.baseadd + 0x14;
Player.lookYa = Player.baseadd + 0x18;
Player.namea = Player.baseadd + 0xF4;
// Now we got all the addies, read in the info from em all
Peek((void*)Player.coordEWa,(void*)&Player.coordEW ,4);
Peek((void*)Player.coordNSa,(void*)&Player.coordNS ,4);
Peek((void*)Player.coordUDa,(void*)&Player.coordUD ,4);
Peek((void*)Player.lookXa,(void*)&Player.lookX,4);
Peek((void*)Player.lookYa,(void*)&Player.lookY,4);
Peek((void*)Player.namea,(void*)&Player.name,15);
return Player; // Give our PLAYER_DATA Player, as the return value
}
PLAYER_DATA GetPlayerData(BYTE PlayerNum) // Takes the number of the player as a param
{
PLAYER_DATA Player;
ZeroMemory(&Player, sizeof(PLAYER_DATA));
Peek((void*)hBase,(void*)&Player.baseadd,4);
// 0x388 is the gap between players, starting with player 1
Player.baseadd = Player.baseadd + (PlayerNum*0x388);
Player.coordEWa = Player.baseadd + 0x8;
Player.coordNSa = Player.baseadd + 0xC;
Player.coordUDa = Player.baseadd + 0x10;
Player.lookXa = Player.baseadd + 0x14;
Player.lookYa = Player.baseadd + 0x18;
Player.namea = Player.baseadd + 0xF4;
Peek((void*)Player.coordEWa,(void*)&Player.coordEW ,4);
Peek((void*)Player.coordNSa,(void*)&Player.coordNS ,4);
Peek((void*)Player.coordUDa,(void*)&Player.coordUD ,4);
Peek((void*)Player.lookXa,(void*)&Player.lookX,4);
Peek((void*)Player.lookYa,(void*)&Player.lookY,4);
Peek((void*)Player.namea,(void*)&Player.name,15);
return Player;
}
Now that we've made our functions to collect all the data we need, it's time to get to the core of the aimbot. Got a feeling this is gonna be a lot of reading, so if I were you I'd go get a snack and a drink or something, then come back
Math knowledge is needed to make this! If you're useless at math, and still reading, you're also useless at English for not understanding the knowledge requirements at the top Let’s start with the X look.
Because DFX works around the East point (facing Directly east = 0x00000000/0xFFFFFFFF), then all our calculations will be made off it. To help the understanding with this tutorial, I'll include some snazzy little photoshuppered drawings, woo
The aimbot works in 4 sectors. This makes things easier when finding out distances. Here are the sectors and how to determine what sector an enemy is in :
Sector 1 = South-East of our position
Sector 2 = South-West of our position
Sector 3 = North-West of our position
Sector 4 = North-East of our position
So, let's add these sectors to our source code. Note that also we have to tell our aimbot what to do if they are, for example, east of us, but the same on the NS axis. No need to put the code for if they are the same on both the NS and the EW axis, as otherwise you won't need it to set an aim for you, you're on them
void SetCrosshairOnEnemy(BYTE PlayerNumber)
{
PLAYER_DATA oP = GetPlayerData(PlayerNumber); // oP = Opposition's Player
PLAYER_DATA cP = GetMyPlayerData(); // cP = Current Player (our player) .. sorry for bad var names
/*Sec 1*/
if(oP.coordEW > cP.coordEW && oP.coordNS <= cP.coordNS)
{ }
/*Sec 2*/
if(oP.coordEW <= cP.coordEW && oP.coordNS < cP.coordNS)
{ }
/*Sec 3*/
if(oP.coordEW < cP.coordEW && oP.coordNS >= cP.coordNS)
{ }
/*Sec 4*/
if(oP.coordEW >= cP.coordEW && oP.coordNS > cP.coordNS)
{ }
}
Now, to get the angle we need to look, we have to make a triangle between the EW axis, us, and the player. Then we have to find the angle of which we are the apex. Here's 1 of the snazzy little drawings:
This is a top view :
Blue dot = Our player
Red dot = enemy
Green = The triangle we make
Purple = The angle we need to find
Orange = The difference's we need to work out for the angle
Incase you've forgotten Trigonometry, then due to the 2 side we can get the easiest we will the Tangent function :
Tan(angle) = Opposite/Adjacent
In all our sectors, the Adjacent is the EW difference, and the Opposite is the NS difference. So let's add some coding to our function:
void SetCrosshairOnEnemy(BYTE PlayerNumber)
{
PLAYER_DATA oP = GetPlayerData(PlayerNumber);
PLAYER_DATA cP = GetMyPlayerData();
double EWdif; // These need to be double for our Trig calculations to work later on
double NSdif;
/*Sec 1*/
if(oP.coordEW > cP.coordEW && oP.coordNS <= cP.coordNS)
{
EWdif = oP.coordEW - cP.coordEW;
NSdif = cP.coordNS - oP.coordNS;
}
/*Sec 2*/
if(oP.coordEW <= cP.coordEW && oP.coordNS < cP.coordNS)
{
EWdif = cP.coordEW - oP.coordEW;
NSdif = cP.coordNS - oP.coordNS;
}
/*Sec 3*/
if(oP.coordEW < cP.coordEW && oP.coordNS >= cP.coordNS)
{
EWdif = cP.coordEW - oP.coordEW;
NSdif = oP.coordNS - cP.coordNS;
}
/*Sec 4*/
if(oP.coordEW >= cP.coordEW && oP.coordNS > cP.coordNS)
{
EWdif = oP.coordEW - cP.coordEW;
NSdif = oP.coordNS - cP.coordNS;
}
}
Please note that in each sector, the calculations ARE NOT the same. You need to do the biggest take away the smallest...hope that's obvious. Right, so now we have this, we need to get the angle in degrees. For this, we need to do go back to the formula:
Tan(angle) = Opposite/Adjacent
Tan(angle) = NSdif/EWdif
We need to do the Inverse Tangent function of this, so that we get the angle rather than the Tangent of the angle. The function to do this is atan (could have used atan2 but didn't know of this function at the time of programming). It takes 1 double parameter, and returns a double value of the angle in radians. But this is no good for us, we want it in degrees. Well, to turn radians into degrees, its a multiplication of '57.29578', as found off the internet Remember to include <math.h> for the atan function
Then, due to our X-look not having a maximum of 360, it goes up to 0xFFFFFFFF (4294967295), we need to find the percentage what this angle is of 360. This is so that we can find out what value we need to use, for example:
If the angle was 90 degrees
90/360 = 0.25 (decimal percentage of the angle)
0xFFFFFFFF * 0.25 = 3FFFFFFF (roughly), which is the new value we need to use
Let's put this in the code.
void SetCrosshairOnEnemy(BYTE PlayerNumber)
{
PLAYER_DATA oP = GetPlayerData(PlayerNumber);
PLAYER_DATA cP = GetMyPlayerData();
double EWdif;
double NSdif;
double angleA; // The angle in degrees between the enemy, east, and us
double angleP; // The decimal percentage of the angle
/*Sec 1*/
if(oP.coordEW > cP.coordEW && oP.coordNS <= cP.coordNS)
{
EWdif = oP.coordEW - cP.coordEW;
NSdif = cP.coordNS - oP.coordNS;
angleA = atan(NSdif/EWdif) * 57.29578; // Remember, the 57.29578 is to convert from radians to degrees
angleP = (angleA/360);
}
/*Sec 2*/
if(oP.coordEW <= cP.coordEW && oP.coordNS < cP.coordNS)
{
EWdif = cP.coordEW - oP.coordEW;
NSdif = cP.coordNS - oP.coordNS;
angleA = atan(NSdif/EWdif) * 57.29578;
angleP = (angleA/360);
}
/*Sec 3*/
if(oP.coordEW < cP.coordEW && oP.coordNS >= cP.coordNS)
{
EWdif = cP.coordEW - oP.coordEW;
NSdif = oP.coordNS - cP.coordNS;
angleA = atan(NSdif/EWdif) * 57.29578;
angleP = (angleA/360);
}
/*Sec 4*/
if(oP.coordEW >= cP.coordEW && oP.coordNS > cP.coordNS)
{
EWdif = oP.coordEW - cP.coordEW;
NSdif = oP.coordNS - cP.coordNS;
angleA = atan(NSdif/EWdif) * 57.29578;
angleP = (angleA/360);
}
}
Next, we need to know what to do with that code...time for another doody ub3r-1337 drawing!! :
To understand, remember that 0 on our X-Look is EAST...and that the values go counter-clockwise. Lets revert back to the sectors:
Sector 1 (SE) = 0xFFFFFFFF (east) - our new value
Sector 2 (SW) = 0xFFFFFFFF/2 (west) + our new value
Sector 3 (NW) = 0xFFFFFFFF/2 (west) - our new value
Sector 4 (NE) = 0 (east) + our new value
Before we write them though, we have to convert them back to DWORDs, from doubles. Here's the new code :
void SetCrosshairOnEnemy(BYTE PlayerNumber)
{
PLAYER_DATA oP = GetPlayerData(PlayerNumber);
PLAYER_DATA cP = GetMyPlayerData();
double EWdif;
double NSdif;
double angleA;
double angleP;
double newValue; // To hold our new double value
DWORD newValue2; // To convert our double back into DWORD ready for writing
double halfCircle = 0xFFFFFFFF/2; // Just to make the code a bit more readable
/*Sec 1*/
if(oP.coordEW > cP.coordEW && oP.coordNS <= cP.coordNS)
{
EWdif = oP.coordEW - cP.coordEW;
NSdif = cP.coordNS - oP.coordNS;
angleA = atan(NSdif/EWdif) * 57.29578;
angleP = (angleA/360);
newValue = 0xFFFFFFFF - (0xFFFFFFFF*angleP); // As described above
newValue2 = newValue; // Put it into DWORD (may get compile warnings about
// losing data..thats the whole reason we're doing it
Poke((void*)cP.lookXa, &newValue2,4); // Write our new value
}
/*Sec 2*/
if(oP.coordEW <= cP.coordEW && oP.coordNS < cP.coordNS)
{
EWdif = cP.coordEW - oP.coordEW;
NSdif = cP.coordNS - oP.coordNS;
angleA = atan(NSdif/EWdif) * 57.29578;
angleP = (angleA/360);
newValue = halfCircle + (0xFFFFFFFF*angleP);
newValue2 = newValue;
Poke((void*)cP.lookXa, &newValue2,4);
}
/*Sec 3*/
if(oP.coordEW < cP.coordEW && oP.coordNS >= cP.coordNS)
{
EWdif = cP.coordEW - oP.coordEW;
NSdif = oP.coordNS - cP.coordNS;
angleA = atan(NSdif/EWdif) * 57.29578;
angleP = (angleA/360);
newValue = halfCircle - (0xFFFFFFFF*angleP);
newValue2 = newValue;
Poke((void*)cP.lookXa, &newValue2,4);
}
/*Sec 4*/
if(oP.coordEW >= cP.coordEW && oP.coordNS > cP.coordNS)
{
EWdif = oP.coordEW - cP.coordEW;
NSdif = oP.coordNS - cP.coordNS;
angleA = atan(NSdif/EWdif) * 57.29578;
angleP = (angleA/360);
newValue = 0 + (0xFFFFFFFF*angleP);
newValue2 = newValue;
Poke((void*)cP.lookXa, &newValue2,4);
}
}
WOOOO, we now have our X look tracking the enemy we specify (or at least, if you copied and pasted right you should have )
If you've managed to read this all in 1 go, well done *round of applause*, this ****er's taking me ages to write. Okey doke, snack time again, then it's onto setting the Y-look
Right, for our Y-look it's still trig, it's still tan, and we still have to make a triangle. This time, imagine we already have X-look locked on them, and are looking straight in front....the point in front which is the same level distance away from us as he is, which is right above/below him. That is 1 point, then our player, then the enemy player. Here is another class drawing:
This time there are only 2 'sectors'...if the enemy is below us, or above us.
The distance from us to him along a level view is obtained by pythagoras on the EWdif and NWdif. We then use that, and the UDdif as the Opposite and Adjacent and do the same stuff as before. This time though, we need to include a bit for if the enemy is at the same height as us too
Here's the updated code :
void SetCrosshairOnEnemy(BYTE PlayerNumber)
{
PLAYER_DATA oP = GetPlayerData(PlayerNumber);
PLAYER_DATA cP = GetMyPlayerData();
double EWdif;
double NSdif;
double UDdif;
double angleA;
double angleP;
double angleB;
double angleBP;
double newValue;
DWORD newValue2;
double newValueb;
DWORD newValueb2;
double halfCircle = 0xFFFFFFFF/2;
/*Sec 1*/
if(oP.coordEW > cP.coordEW && oP.coordNS <= cP.coordNS)
{
EWdif = oP.coordEW - cP.coordEW;
NSdif = cP.coordNS - oP.coordNS;
angleA = atan(NSdif/EWdif) * 57.29578;
angleP = (angleA/360);
newValue = 0xFFFFFFFF - (0xFFFFFFFF*angleP);
newValue2 = newValue;
Poke((void*)cP.lookXa, &newValue2,4);
}
/*Sec 2*/
if(oP.coordEW <= cP.coordEW && oP.coordNS < cP.coordNS)
{
EWdif = cP.coordEW - oP.coordEW;
NSdif = cP.coordNS - oP.coordNS;
angleA = atan(NSdif/EWdif) * 57.29578;
angleP = (angleA/360);
newValue = halfCircle + (0xFFFFFFFF*angleP);
newValue2 = newValue;
Poke((void*)cP.lookXa, &newValue2,4);
}
/*Sec 3*/
if(oP.coordEW < cP.coordEW && oP.coordNS >= cP.coordNS)
{
EWdif = cP.coordEW - oP.coordEW;
NSdif = oP.coordNS - cP.coordNS;
angleA = atan(NSdif/EWdif) * 57.29578;
angleP = (angleA/360);
newValue = halfCircle - (0xFFFFFFFF*angleP);
newValue2 = newValue;
Poke((void*)cP.lookXa, &newValue2,4);
}
/*Sec 4*/
if(oP.coordEW >= cP.coordEW && oP.coordNS > cP.coordNS)
{
EWdif = oP.coordEW - cP.coordEW;
NSdif = oP.coordNS - cP.coordNS;
angleA = atan(NSdif/EWdif) * 57.29578;
angleP = (angleA/360);
newValue = 0 + (0xFFFFFFFF*angleP);
newValue2 = newValue;
Poke((void*)cP.lookXa, &newValue2,4);
}
// Done the X-look, now this is for the Y-look
double flatDist = sqrt((EWdif*EWdif)+(NSdif*NSdif)); // Get the level distance between us and the enemy, using pythagoras
if(oP.coordUD == cP.coordUD)
{
BYTE zero4[4] = {0x00,0x00,0x00,0x00};
Poke((void*)cP.lookYa,zero4, 4);
// If we are equal height, set our Y-look to 0 (level)
} else if(oP.coordUD > cP.coordUD)
{
UDdif = oP.coordUD - cP.coordUD; // Work out our UDdif
angleB = atan(UDdif/flatDist) * 57.29578; // Same old stuff as before
angleBP = (angleB/360);
newValueb = 0 + (0xFFFFFFFF*angleBP);
newValueb2 = newValueb;
Poke((void*)cP.lookYa, &newValueb2,4);
} else if (oP.coordUD < cP.coordUD)
{
UDdif = cP.coordUD - oP.coordUD;
angleB = atan(UDdif/flatDist) * 57.29578;
angleBP = (angleB/360);
newValueb = 0xFFFFFFFF - (0xFFFFFFFF*angleBP);
newValueb2 = newValueb;
Poke((void*)cP.lookYa, &newValueb2,4);
}
}
And there we have it, the skeletal start of an aimbot. Now thing about adding some of the following things :
List (only aim for certain people...use the name part of the player structure to check if they are on it or not)
Account for lag (lead bullets in front of people to account for the lag in the game(if its mp), and bullet travel)
Account for bullet dipping (aim above a player so bullets dip onto them)
Grenade arcs (workout where to throw grenades in order for them to go on your target)
Enemy only aim (so you don't aim at team-mates)
Only aim if alive (shooting dead people doesn't do much)
There are so many things you can add onto this, this is just the basis. Just think of all the things that you do while playing the game
Author: eVoByte