External Fistful of Frags Hack

Language: C++
Methods: Byte pattern, External overlay
Development: Last Updated July 2016

This external hack is comprised of similar drawing and window per-pixel transparency found in my Rust triggerbot. Unique to this project however is the byte pattern scanning, also known as array-of-byte (AOB) scanning. We can scan committed regions of memory using VirtualQueryEx for certain x86 instructions, and then begin to piece together individual classes and structs. The screenshot below demonstrates a scan of the entity base and then offsets to each player object creation. Some classes are easy to reverse such as the player class (containing health, current weapon, etc) while others are a bit harder such as the model bone matrix which is stored as a matrix3x4_t.



The ESP boxes found in the video are cheap to render because they make a few assumptions, requiring less data. These assumptions however are not completely accurate because instead of using bones/models (ie left shoulder, right shoulder, head, feet), it uses the single entity xyz coordinate and a height value. The only place which accuracy is essential, is for the aimbot. The aimbot is still relatively cheap to run because it only requires one position, the head bone. The mouse movements are made using Windows SetPos instead of locking the view-matrix, keeping away from WriteProcessMemory.