Someone asked me for directions on how to do a NoClip for games, so I had some fun writing a cheap little playground with Unity (so nobody needs a specific game to play around with it) and made a sample table with 2 basic NoClip scripts.

This guide contains a lot of Unity-specific stuff, but a NoClip works more or less the same for every game.

Note: this guide is for x64, and the Unity Playground Project is IL2CPP compiled (native code that still contains mono infos). My sample table accesses stuff in the Unity engine that does not have any mono symbols at all, so I decided to do the complete table with AOBs and absolute offsets, without any mono features (everything that has a name is commented in the table).

In short: it's not JIT, so we don't need any mono features to make sure it works for everyone.

We need the player's position, which is stored in a Vector3, and for that we need to dive into the component system.

A class instance that derives from MonoBehaviour has these pointers:

If you try to dissect them while Cheat Engine's mono features are active, you will get a big crash, because these pointers contain no mono infos.

Any object in the Unity game world is a GameObject (fun fact: the GameObject's name that is used in the Unity editor is stored in the 0x00 klassPtr and is hashed with FNV). A GameObject in the 3D world also has a Transform component; this component contains the Vector3 with the position floats.

Let's say you do an Unknown-Scan for the player position, and once you have found it you do a "Find out what accesses this address". You will then find the native code in UnityPlayer.dll that handles every Vector3 from all Transforms.

So how do we get a 100% safe pointer to our player's Vector3?

We need to get the Transform component. You can do that with any instance that belongs to the player (they all share the same components).

To find the component you could look into the 0x10 nativePtr or call Component.get_transform.

Component.get_transform returns the native Transform component; it needs one argument.

So RCX = any class instance that belongs to the player.

So okay, now we have the Transform. You could now look into it to find the Vector3, or call Transform.get_position.

Transform.get_position is a _cdecl* call, so you need to use the stack or provide an address from the codecave for the first argument.

First Argument (RCX) = e.g lea rcx,
Second Argument (RDX) = the address of the transform

Transform.get_position will return the address of and contains now a Vector3 with the positions.

So okay, now we have the player positions; we should now prevent the game from writing to our Players.

In my sample I'm simply using a 0xC3 (return) on CharacterController.FixedUpdate; this blocks the game from writing to our transform but still allows free mouse movement.

In my sample I'm also calling set_isKinematic(true) to deactivate any gravity influence for the player. It's not necessary, but it makes flying feel smoother.
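The 0xC3 (return) patch on CharacterController.FixedUpdate described above overwrites the first byte of a function, which is exactly what an integrity check on the game side can look for. The following is an added example, not part of the original guide or its sample table: it compares the live entry bytes of a function with a recorded baseline and classifies the change. All function names and the sample byte strings are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Verdict for one guarded function entry. */
typedef enum { ENTRY_OK, ENTRY_RET_STUB, ENTRY_JMP_HOOK, ENTRY_MODIFIED } entry_verdict;

/* Known-good state of the first `len` bytes of a function. */
typedef struct { uint64_t hash; size_t len; uint8_t first; } entry_baseline;

/* FNV-1a, 64-bit: cheap enough to re-run periodically. */
static uint64_t fnv1a64(const uint8_t *p, size_t n) {
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 0x100000001b3ULL; }
    return h;
}

/* Record the baseline from an untouched copy of the code (e.g. at build time). */
entry_baseline record_baseline(const uint8_t *code, size_t len) {
    entry_baseline b = { fnv1a64(code, len), len, code[0] };
    return b;
}

/* Compare the live bytes with the baseline and classify the difference. */
entry_verdict check_entry(entry_baseline b, const uint8_t *live) {
    if (fnv1a64(live, b.len) == b.hash) return ENTRY_OK;
    if (live[0] == 0xC3 && b.first != 0xC3) return ENTRY_RET_STUB;  /* body disabled */
    if (live[0] == 0xE9 || (b.len > 1 && live[0] == 0xFF && live[1] == 0x25))
        return ENTRY_JMP_HOOK;                                       /* detour elsewhere */
    return ENTRY_MODIFIED;                                           /* any other change */
}

/* Constructed sample bytes: a typical x64 prologue and three altered copies. */
static const uint8_t SAMPLE_CLEAN[8] = {0x48,0x89,0x5C,0x24,0x08,0x57,0x48,0x83};
static const uint8_t SAMPLE_RET[8]   = {0xC3,0x89,0x5C,0x24,0x08,0x57,0x48,0x83};
static const uint8_t SAMPLE_JMP[8]   = {0xE9,0x10,0x20,0x30,0x00,0x57,0x48,0x83};
static const uint8_t SAMPLE_NOP[8]   = {0x48,0x89,0x5C,0x24,0x08,0x90,0x48,0x83};

int main(void) {
    static const char *names[] = {"ok", "ret stub", "jmp hook", "modified"};
    entry_baseline b = record_baseline(SAMPLE_CLEAN, sizeof SAMPLE_CLEAN);
    const uint8_t *live[] = {SAMPLE_CLEAN, SAMPLE_RET, SAMPLE_JMP, SAMPLE_NOP};
    for (size_t i = 0; i < 4; i++)
        printf("sample %zu: %s\n", i, names[check_entry(b, live[i])]);
    return 0;
}
```

A function that legitimately starts with 0xC3 still reports ENTRY_OK, because the hash comparison runs before the first-byte heuristics.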