A section dedicated to sharing the latest offsets, structures, and updates related to software, game reversing, and memory analysis.
#pragma once
namespace offsets {
inline int tod_sky = 0xDC550A8;
inline int basenetworkable = 0xDB97EA8;
namespace BaseCombatEntity {
inline int lifestate = 0x214;
inline int model = 0xC8;
};
namespace BasePlayer {
inline int playerFlags = 0x538;
inline int BaseMovement = 0x268;
inline int displayName_ = 0x558;
inline int playerModel = 0x288;
inline int clactiveitem = 0x438;
inline int inventory = 0x2D8;
inline int modelState = 0x3B0;
inline int playerInput = 0x250;
inline int lastSentTick = 0x278;
inline int current_camera_mode = 0x344;
inline int eyes = 0x600;
}
namespace BaseProjectile {
inline int recoil = 0x328;
inline int viewModel = 0x208;
namespace viewModels {
inline int baseviewModel = 0x28;
namespace baseViewModel {
inline int ironSight = 0xD0;
inline int ViewmodelBob = 0x88;
inline int viewmodelSway = 0xA8;
inline int viewmodelLower = 0x78;
namespace ViewmodelLower {
inline int lowerOnSprint = 0x20;
inline int lowerWhenCantAttack = 0x21;
inline int shouldLower = 0x28;
}
namespace ViewmodelSway {
inline int positionalSwayAmount = 0x24;
inline int positionalSwaySpeed = 0x20;
inline int rotationSwaySpeed = 0x28;
inline int rotationSwayAmount = 0x2C;
}
namespace viewmodelBob {
inline int bobAmountRun = 0x2C;
inline int bobAmountWalk = 0x28;
inline int velocity = 0x40;
inline int bobOffset = 0x4C;
}
namespace ironSights {
inline int zoomFactor = 0x2C;
}
}
}
}
namespace RecoilProperties {
inline int new_recoil = 0x80;
}
namespace PlayerEyes {
inline int eye_offset = 0x50;
inline int eye_rotation = 0x6C;
inline int body_rotation = 0x50;
inline int view_offset = 0x60;
}
namespace ItemContainer {
inline int itemlist = 0x20;
}
namespace PlayerInventory {
inline int belt = 0x60;
}
namespace item {
inline int item_definition = 0xB8;
inline int amount = 0x94;
inline int item_uid = 0xA0;
inline int category = 0x48;
inline int held_entity = 0xC0;
}
namespace PlayerModel {
inline int position = 0x1D0;
inline int is_npc = 0x2E2;
inline int new_velocity = 0x1F4;
}
namespace BaseMovement {
inline int ground_angles_new = 0xD8;
inline int ground_angles = 0xD0;
inline int target_movement = 0x3C;
inline int set_ground = 0x54;
}
namespace ModelState {
inline int flags = 0x5C;
}
};
EntityLoop:
uint64_t bn = mem::read<uint64_t>(mem::gBase + offsets::basenetworkable);
uint64_t field = mem::read<uint64_t>(bn + 0xB8);
uint64_t wrapper_class_ptr = mem::read<uint64_t>(field + 0x38);
if (!wrapper_class_ptr)
return;
uint64_t wrapper_class = Loop::networkable_key(wrapper_class_ptr);
if (!wrapper_class)
return;
uint64_t parent_static_fields = mem::read<uint64_t>(wrapper_class + 0x10);
if (!parent_static_fields)
return;
uint64_t parent_class = Loop::networkable_key(parent_static_fields);
if (!parent_class)
return;
uint64_t entitys = mem::read<uint64_t>(parent_class + 0x10);
if (!entitys)
return;
auto entity_size = mem::read<uint32_t>(entitys + 0x18);
auto entity_array = mem::read<uint64_t>(entitys + 0x10);
Maincamera
auto camera2 = *(uintptr_t*)(mem::gBase + 0xDB97A70);
if (!camera2) return{};
auto trans = *(uintptr_t*)(camera2 + 0xb8);
if (!trans) return{};
auto wads = *(uintptr_t*)(trans + 0x98);
if (!wads) return{};
auto entity = *(uintptr_t*)(wads + 0x10);
if (!entity) return{};
return *(VMatrix*)(entity + 0x30c);
uint64_t c_decrypt_networkable::decrypt(uintptr_t a1) {
int v5; // eax
bool v6; // zf
signed __int64 v7; // rcx
__int64 v8; // rax
__int128 v23; // [rsp+20h] [rbp-28h] BYREF
__int128* a2;
__int64 a3;
a2 = &v23;
LODWORD(a3) = 2;
v23 = driver.read<uint32_t>(a1 + 24);
do
{
v5 = *(_DWORD*)a2;
a2 = (__int128*)((char*)a2 + 4);
*((_DWORD*)a2 - 1) = (((32 * (v5 - 507257619)) | ((unsigned int)(v5 - 507257619) >> 27)) ^ 0xB0AA1457)
- 1774998069;
v6 = (_DWORD)a3 == 1;
a3 = (unsigned int)(a3 - 1);
} while (!v6);
v7 = v23;
return c_Il2cppGetHandle::Il2cppGetHandle(v7);
}
uint64_t decrypt_base_player::decrypt(uint64_t a1) {
int* v5; // rdx
int v6; // r8d
int v7; // ecx
signed __int64 v8; // rcx
__int128 v24; // [rsp+20h] [rbp-28h] BYREF
v5 = (int*)&v24;
v6 = 2;
v24 = driver.read<uint32_t>(a1 + 24);
do
{
v7 = *v5++;
*(v5 - 1) = (((v7 - 601257353) ^ 0x153ACEBD) << 11) | (((v7 - 601257353) ^ 0x153ACEBDu) >> 21);
--v6;
} while (v6);
v8 = v24;
return c_Il2cppGetHandle::Il2cppGetHandle(v8);
}
uint64_t c_decrypt_uint32_t::decrypt(uint64_t a1) {
int* v5; // rdx
int v6; // r8d
int v7; // ecx
signed __int64 v8; // rcx
__int128 v24; // [rsp+20h] [rbp-28h] BYREF
v5 = (int*)&v24;
v6 = 2;
v24 = a1;
do
{
v7 = *v5++;
*(v5 - 1) = (((v7 - 601257353) ^ 0x153ACEBD) << 11) | (((v7 - 601257353) ^ 0x153ACEBDu) >> 21);
--v6;
} while (v6);
v8 = v24;
return v8;
}
__m128i convar_fov::decrypt(uint64_t v0) {
uint64_t v1 = (((unsigned int)driver.read<uint32_t>(v0 + 180LL) << 23) | ((unsigned __int64)(unsigned int)driver.read<uint32_t>(v0 + 180LL) >> 9))
+ 217037338;
return _mm_cvtsi32_si128((v1 << 12) | (v1 >> 20));
}
uint64_t c_decrypt_base_projectile::decrypt(uint64_t a1) {
int* v5; // rdx
int v6; // r8d
int v7; // eax
signed __int64 v8; // rcx
__int128 v24; // [rsp+20h] [rbp-28h] BYREF
v5 = (int*)&v24;
v6 = 2;
v24 = driver.read<uint32_t>(a1 + 24);
do
{
v7 = *v5++;
*(v5 - 1) = (((v7 - 1497648361) << 25) | ((unsigned int)(v7 - 1497648361) >> 7)) - 1299749402;
--v6;
} while (v6);
v8 = v24;
return c_Il2cppGetHandle::Il2cppGetHandle(v8);
}
uint64_t c_Il2cppGetHandle::Il2cppGetHandle(int32_t ObjectHandleID)
{
uint64_t rdi_1 = ObjectHandleID >> 3;
uint64_t rcx_1 = (ObjectHandleID & 7) - 1;
uint64_t baseAddr = mem::gBase + 0xDEDA540 + rcx_1 * 0x28;
uint32_t limit = read<uint32_t>(baseAddr + 0x10);
if (rdi_1 < limit) {
uintptr_t objAddr = read<uintptr_t>(baseAddr);
uint32_t bitMask = read<uint32_t>(objAddr + ((rdi_1 >> 5) << 2));
if (TEST_BITD(bitMask, rdi_1 & 0x1f)) {
uintptr_t ObjectArray = read<uintptr_t>(baseAddr + 0x8) + (rdi_1 << 3);
return read<BYTE>(baseAddr + 0x14) > 1
?read<uintptr_t>(ObjectArray)
: ~read<uint32_t>(ObjectArray);
}
}
return 0;
}
1 Like
Are this the new ones?
V2590
namespace offsets
{
constexpr auto Il2CppGetHandle = 0xC191CA0;
constexpr auto BaseNetworkable_TypeInfo = 0xBE7FB88;
constexpr auto MainCamera_TypeInfo = 0xBEDD6A8;
constexpr auto BasePlayer_TypeInfo = 0xBF26B08;
constexpr auto TOD_Sky_TypeInfo = 0xBEF9CB0;
constexpr auto ConvarAdmin_TypeInfo = 0xBEFE9D8;
constexpr auto Input_TypeInfo = 0xBEA5C88;
constexpr auto ConvarGraphics_TypeInfo = 0xBE933A8;
namespace BaseNetworkable
{
constexpr auto ClientEntities = 0x30;
namespace EntityRealm
{
constexpr auto EntityList = 0x10;
}
}
namespace ListDictionary
{
constexpr auto BufferList = 0x18;
}
namespace BufferList
{
constexpr auto List = 0x10;
constexpr auto Count = 0x18;
}
namespace MainCamera
{
constexpr auto Camera = 0x8;
}
namespace TOD_Sky
{
constexpr auto Instances = 0x28;
}
namespace BasePlayer
{
constexpr auto ClActiveItem = 0x460;
constexpr auto PlayerEyes = 0x2A8;
constexpr auto PlayerInventory = 0x478;
constexpr auto CurrentTeam = 0x430;
constexpr auto BaseMovement = 0x598;
constexpr auto PlayerModel = 0x288;
constexpr auto PlayerFlags = 0x558;
constexpr auto DisplayName = 0x3F8;
constexpr auto PlayerInput = 0x5C0;
}
namespace PlayerInventory
{
constexpr auto Belt = 0x28;
constexpr auto Wear = 0x58;
}
namespace ItemContainer
{
constexpr auto ItemList = 0x40;
}
namespace Item
{
constexpr auto ItemDefinition = 0x70;
constexpr auto HeldEntity = 0x88;
constexpr auto ItemId = 0x98;
constexpr auto Health = 0xC8;
constexpr auto MaxHealth = 0xD0;
constexpr auto Amount = 0xCC;
}
namespace PlayerModel
{
constexpr auto SkinnedMultiMesh = 0x298;
}
namespace SkinnedMultiMesh
{
constexpr auto RendererList = 0x58;
}
namespace BaseProjectile
{
constexpr auto RecoilProperties = 0x340;
constexpr auto PrimaryMagazine = 0x318;
}
namespace HeldEntity
{
constexpr auto ViewModel = 0x218;
}
namespace Input
{
constexpr auto Buttons = 0xD0;
namespace Button
{
constexpr auto CurrentValue = 0x39;
constexpr auto Name = 0x18;
constexpr auto KeyCode = 0x24;
constexpr auto Binds = 0x30;
}
}
namespace Convar
{
namespace Graphics
{
constexpr auto Fov = 0x34C;
}
namespace Admin
{
constexpr auto AdminTime = 0x9C;
}
}
}
namespace Encrypt
{
inline uint64_t AdminTime(float value)
{
uint32_t eax, ecx;
eax = *(uint32_t*)&value;
eax = eax + 0x1E33A871;
ecx = eax;
eax = eax << 0x1F;
ecx = ecx >> 0x1;
ecx = ecx | eax;
ecx = ecx - 0x6B7ACC8A;
eax = ecx;
ecx = ecx << 0x13;
eax = eax >> 0xD;
eax = eax | ecx;
return static_cast<uint64_t>(eax);
}
inline uint64_t Fov(float value)
{
uint32_t eax, ecx;
eax = *(uint32_t*)&value;
eax = eax + 0x1E33A871;
ecx = eax;
eax = eax << 0x1F;
ecx = ecx >> 0x1;
ecx = ecx | eax;
ecx = ecx - 0x6B7ACC8A;
eax = ecx;
ecx = ecx << 0x13;
eax = eax >> 0xD;
eax = eax | ecx;
return static_cast<uint64_t>(eax);
}
}
namespace Decrypt
{
inline uint64_t ClientEntities(uint64_t address)
{
uint64_t rax = mem.Read<uint64_t>(address + 0x18);
uint64_t* rdx = &rax;
uint32_t r8d = 0x2;
uint32_t eax, ecx, edx;
do {
eax = *(uint32_t*)(rdx);
rdx = (uint64_t*)((uint8_t*)rdx + 0x4);
eax = eax + 0x84B02EEE;
ecx = eax;
eax = eax << 0xD;
ecx = ecx >> 0x13;
ecx = ecx | eax;
ecx = ecx - 0x2F1224FF;
*((uint32_t*)rdx - 1) = ecx;
--r8d;
} while (r8d);
return Il2cppGetHandle(rax);
}
inline uint64_t EntityList(uint64_t address)
{
uint64_t rax = mem.Read<uint64_t>(address + 0x18);
uint64_t* rdx = &rax;
uint32_t r8d = 0x2;
uint32_t eax, ecx, edx;
do {
ecx = *(uint32_t*)(rdx);
eax = *(uint32_t*)(rdx);
rdx = (uint64_t*)((uint8_t*)rdx + 0x4);
ecx = ecx >> 0xA;
eax = eax << 0x16;
ecx = ecx | eax;
ecx = ecx - 0x49064304;
ecx = ecx ^ 0xFA11D865;
*((uint32_t*)rdx - 1) = ecx;
--r8d;
} while (r8d);
return Il2cppGetHandle(rax);
}
inline uint64_t PlayerInventory(uint64_t address)
{
uint64_t rax = mem.Read<uint64_t>(address + 0x18);
uint64_t* rdx = &rax;
uint32_t r8d = 0x2;
uint32_t eax, ecx, edx;
do {
eax = *(uint32_t*)(rdx);
ecx = *(uint32_t*)(rdx);
rdx = (uint64_t*)((uint8_t*)rdx + 0x4);
eax = eax << 0x10;
ecx = ecx | eax;
ecx = ecx + 0xD406ABD4;
eax = ecx;
ecx = ecx << 0x14;
eax = eax >> 0xC;
eax = eax | ecx;
*((uint32_t*)rdx - 1) = eax;
--r8d;
} while (r8d);
return Il2cppGetHandle(rax);
}
inline uint64_t PlayerEyes(uint64_t address)
{
uint64_t rax = mem.Read<uint64_t>(address + 0x18);
uint64_t* rdx = &rax;
uint32_t r8d = 0x2;
uint32_t eax, ecx, edx;
do {
eax = *(uint32_t*)(rdx);
rdx = (uint64_t*)((uint8_t*)rdx + 0x4);
eax = eax ^ 0x5C4C7BF3;
ecx = eax;
eax = eax << 0x10;
ecx = ecx >> 0x10;
ecx = ecx | eax;
ecx = ecx - 0x3E3A4010;
*((uint32_t*)rdx - 1) = ecx;
--r8d;
} while (r8d);
return Il2cppGetHandle(rax);
}
inline uint64_t ClActiveItem(uint64_t address)
{
uint64_t rsp = address;
uint64_t* rdx = &rsp;
uint32_t r8d = 0x2;
uint32_t eax, ecx, edx;
do {
ecx = *(uint32_t*)(rdx);
eax = *(uint32_t*)(rdx);
rdx = (uint64_t*)((uint8_t*)rdx + 0x4);
eax = eax << 0x18;
ecx = ecx >> 0x8;
ecx = ecx | eax;
ecx = ecx + 0xD72E3265;
eax = ecx;
ecx = ecx << 0x1F;
eax = eax >> 0x1;
eax = eax | ecx;
eax = eax - 0x9830B30;
*((uint32_t*)rdx - 1) = eax;
--r8d;
} while (r8d);
return rsp;
}
}```