https://pastein.ru/t/MJ8
Загрузка данных
import pymem
import pymem.process
import ctypes
import time
import math
user32 = ctypes.windll.user32
gdi32 = ctypes.windll.gdi32
# === ВАШИ ОФФСЕТЫ ===
OFFSET_VIEW_MATRIX = 0x12EB10 # client.dll + 0x12EB10
OFFSET_ENTITY_ORIGIN = 0x12047A0 # hw.dll + 0x12047A0
OFFSET_LOCAL_ORIGIN = 0x13E7F0 # client.dll + 0x13E7F0
OFFSET_GET_TEAM = 0x100DF4 # client.dll + 0x100DF4
OFFSET_HEALTH = 0xF8 # стандартное смещение (если есть)
ESP_ENABLED = True
ESP_COLOR = 0x0000FF # Красный
SCREEN_W = 800
SCREEN_H = 600
def get_window_size():
hwnd = user32.FindWindowW(None, "Counter-Strike")
rect = ctypes.wintypes.RECT()
user32.GetWindowRect(hwnd, ctypes.byref(rect))
return rect.right - rect.left, rect.bottom - rect.top
def world_to_screen(x, y, z, view_matrix, sw, sh):
w = view_matrix[12]*x + view_matrix[13]*y + view_matrix[14]*z + view_matrix[15]
if w < 0.01:
return None
sx = view_matrix[0]*x + view_matrix[1]*y + view_matrix[2]*z + view_matrix[3]
sy = view_matrix[4]*x + view_matrix[5]*y + view_matrix[6]*z + view_matrix[7]
sx = (sw / 2) * (1 + sx / w)
sy = (sh / 2) * (1 - sy / w)
return (sx, sy)
def draw_rect(dc, x, y, w, h, color):
brush = gdi32.CreateSolidBrush(color)
gdi32.SelectObject(dc, brush)
gdi32.Rectangle(dc, int(x - w/2), int(y - h/2), int(x + w/2), int(y + h/2))
gdi32.DeleteObject(brush)
def main():
global SCREEN_W, SCREEN_H
SCREEN_W, SCREEN_H = get_window_size()
print("=== CS 1.6 ESP (без EntityList) ===")
print("Rutube: https://rutube.ru/channel/43805541")
print("Telegram: hackeriks")
print()
try:
pm = pymem.Pymem("hl.exe")
print("[+] hl.exe найден")
except:
print("[-] CS 1.6 не запущена")
return
# Получаем базы модулей
hw_dll = pymem.process.module_from_name(pm.process_handle, "hw.dll")
client_dll = pymem.process.module_from_name(pm.process_handle, "client.dll")
hw_base = hw_dll.lpBaseOfDll
client_base = client_dll.lpBaseOfDll
print(f"[+] hw.dll base: {hex(hw_base)}")
print(f"[+] client.dll base: {hex(client_base)}")
# Получаем дескриптор окна для рисования
hwnd = user32.FindWindowW(None, "Counter-Strike")
dc = user32.GetDC(hwnd)
print("[*] ESP активен. F1 - вкл/выкл, F2 - выход")
global ESP_ENABLED
running = True
while running:
# Управление
if user32.GetAsyncKeyState(0x70) & 1: # F1
ESP_ENABLED = not ESP_ENABLED
print(f"ESP: {'ON' if ESP_ENABLED else 'OFF'}")
time.sleep(0.2)
if user32.GetAsyncKeyState(0x71) & 1: # F2
running = False
break
if not ESP_ENABLED:
time.sleep(0.05)
continue
# Очищаем экран
brush = gdi32.CreateSolidBrush(0x000000)
gdi32.SelectObject(dc, brush)
gdi32.Rectangle(dc, 0, 0, SCREEN_W, SCREEN_H)
gdi32.DeleteObject(brush)
try:
# Читаем матрицу вида
view_matrix = []
for i in range(16):
view_matrix.append(pm.read_float(client_base + OFFSET_VIEW_MATRIX + i*4))
# Свои координаты
local_x = pm.read_float(client_base + OFFSET_LOCAL_ORIGIN)
local_y = pm.read_float(client_base + OFFSET_LOCAL_ORIGIN + 4)
local_z = pm.read_float(client_base + OFFSET_LOCAL_ORIGIN + 8)
# Своя команда
local_team = pm.read_int(client_base + OFFSET_GET_TEAM)
# Перебираем возможные адреса игроков (hw.dll + 0x1200000 + смещение)
for offset in range(0, 0x10000, 0x100): # грубый перебор
try:
entity = hw_base + OFFSET_ENTITY_ORIGIN + offset
# Координаты возможного игрока
x = pm.read_float(entity)
y = pm.read_float(entity + 4)
z = pm.read_float(entity + 8)
# Фильтр: координаты не должны быть нулевыми и не своими
if x == 0 and y == 0 and z == 0:
continue
if abs(x - local_x) < 10 and abs(y - local_y) < 10:
continue
# Команда (есть ли по этому адресу?)
try:
team = pm.read_int(entity + 0x20) # примерное смещение команды
except:
team = -1
# Если команда совпадает с локальной — пропускаем
if team == local_team:
continue
# Рисуем рамку
screen = world_to_screen(x, y, z + 60, view_matrix, SCREEN_W, SCREEN_H)
if screen:
draw_rect(dc, screen[0], screen[1], 20, 30, ESP_COLOR)
except:
pass
except Exception as e:
pass
time.sleep(0.03)
user32.ReleaseDC(hwnd, dc)
print("ESP остановлен.")
if __name__ == "__main__":
main()