Librarium
Settings

Finding viewAngles with IDA for Counter Strike Source

Swiss Experiments
experimentsscience & technologyswitzerlandclientstategame hackingida proreversingviewangles

In our last tutorial we grabbed clientState, now we want to reverse the class and find something we can later use. This video will guide you through finding the viewAngles vector which is used for many purposes including RCS (which is likely your next step).

The same probably applies for CS:GO as well! (with different addresses and offsets)

You may find the code where I use these addresses here: https://github.com/nikooo777/cstrike-hacking

My cheat-sheet:

  1. We want to access member values and functions of clientState
  2. We have an SDK that details most if not all of them
  3. We can work our way back using IDA Pro

steps:

  1. locate something interesting (L159)
  2. see where it's used and check if we can possibly locate it using IDA
  • void CEngineClient::SetViewAngles( QAngle& va ) in cdll_engine_int.cpp L756
  • void ResetViewAngles( void ) in viewangleanim.cpp L60 which is used in L66 which has a string we can look up or
  • void CEngineClient::GetViewAngles( QAngle& va ) in cdll_engine_int.cpp L751
  • void TestViewAnim( void ) in in viewangleanim.cpp L45 which contains a string
  1. open client.dll in IDA Pro and search for the string
  2. Locate the function and note down the vTable offset for the call to the reversed function
  • SetViewAngles() IEngine + 80
  • GetViewAngles() IEngine + 76
  1. Open engine.dll in IDA Pro and run class informer
  2. search (with ctrl+f) for CEngineClient which is the class implementing the functions defined in the EngineClient interface (IEngine) and click on it
  3. Note down the address relative to the first function in the class 0x102F5A84 (Note, IDA offsets all instructions by 0x10000000)
  4. using the python console (or anything for that matter) sum the address you just copied with the offset we found while reversing client.dll
  • hex(0x102F5A84+80)
  • hex(0x102F5A84+76)
  1. doubleclick the result or simply press G and jump to that address. This is the function you reversed. Rename it for later use.
  2. doubleclick the function and decompile it.
  3. Find viewAngles and doubleclick it to get its address
  • 0x1047C33C
  1. Grab the clientState offset you found in the previous tutorial (0x4777B8) and subtract it from the viewAngles address (remove the leading 10 to align the addresses). This gives you an offset for viewAngles from clientState.
  • 0x4b84
  1. Use the offset in your code. ... https://www.youtube.com/watch?v=mS8ZQ5N7Dvk
2021-07-19
1.81330176 LBC
Copyrighted (contact publisher)

57183999 Bytes