Гайд Продолжение серии. шема(оффсеты)+локал игрок

Liberalist · 12 Май 2024

ribakit777 написал(а):
из-за требований в начале кода: "// c++23 - tested on clang 18.1.5 / msvc 19.40.33808"

нет, м2, но на нём много скульных баз в рантайме

нет, дебаг, так как при попытке собрать релиз 560 ошибок;

вот результат: 6 + 127 + 10 + 41 = 184 / 60 = 3 минуты

schema_registration: 5690ms
printing & saving schema dump: 127322ms
rtti_saving: 9678ms
saving info...
info_saving: 40806ms

дебаг билд для дебаггинга существует а не для быстрой работы. собирай релиз. 560 ошибок у тебя наверно потому что ты с++latest не поставил в релизе(там в настройках проекта сверху можно выбрать конфигурацию и платформу(у каждой связки конфигурация-платформа разные настройки. в этом и вся их суть - дебаг это не магический какойто особенный режим это просто "шаблончик" настроек где выключены всякие оптимизации и тд; релиз тоже самое тоже шаблончик с настройками с оптимизациями и тд))(ты только в дебаге поставил я так понимаю)(можно также выбрать опцию All Configurations - она показывает/разрешает менять настройки со всех конфигураций, можно и на дебаг и на релиз сразу поставить c++latest и тд и тп)

и "tested on clang 18.1.5 / msvc 19.40.33808" это не требование это версии на которых я тестил(это самые последние версии компиляторов на данный момент); это не минимальные версии где работает

ribakit777 · 12 Май 2024

Liberalist написал(а):
560 ошибок у тебя наверно потому что ты с++latest не поставил в релизе

да, в релизе стоял 14 стандарт;

новый результат (релиз): 1 + 25 + 1 + 2 = 29 секунд, релиз в ~6 раз быстрее

schema_registration: 1109ms
printing & saving schema dump: 25296ms
rtti_saving: 885ms
saving info...
info_saving: 2285ms

Liberalist · 7 Июн 2024

(01:39:10 07 Jun 2024)

Пожалуйста, авторизуйтесь для просмотра ссылки.

Hellowwwww · 7 Июн 2024

xslider написал(а):
Это очень круто, спасибо что делишься опытом! Может есть смысл сделать CI\CD для автодампа ассетов в gitlab\github?
Можно сделать автозапуск по выходу обновления и тригерить пайплайн

Можешь с Steamdb сколабарироваться и сделать чтобы на каждый новый апдейт дамп делался. Можешь даже просто им написать они мб сами сделают.
Вот этот человек

Пожалуйста, авторизуйтесь для просмотра ссылки.

(вроде один из главных там)
очень интересовался еще старым Source2Gen`ом от прейдога

Учитывая что достаточно дллок и запуск игры не нужен - можно даже на старые версии попробовать сделать, только сигнатура будет ломаться.

Liberalist · 7 Авг 2024

дамп от Thu Aug 08 2024 22:32:59

Пожалуйста, авторизуйтесь для просмотра ссылки.

добавил более детальный дамп CEntityClass
если кому-то надо структурки:

C++:

struct datamapField
{
    CSchemaClassBinding* enum_binding;
    const char* name;
    std::int16_t offset;
    std::int16_t unk;
    std::int8_t type;
};

struct EntInput_t
{
    const char* name;
    std::uint32_t unk1;
    std::uint32_t pad;
    union unk
    {
#pragma pack(push, 1)
        struct netvar_info_
        {
            std::uint8_t unk2;
            std::uint16_t netvar_offset;
        } netvar_info;
#pragma pack(pop)
        void* some_struct_ptr;
    } info_stuff;
    void* unk3;
    void* callback;
    void* unk4_func;
};

struct EntOutput_t
{
    const char* name;
    std::uint32_t unk1;
    std::uint32_t CEntityIOOutput_offset;
};

struct EntClassComponentOverride_t
{
    const char* pszBaseComponent;
    const char* pszOverrideComponent;
};

struct CPanoramaGameScriptFunction
{
    const char* name_;
    const char* scoped_name_;
    const char* description_;
    std::string_view name() const
    {
        if (name_)
            return name_;
        return {};
    }
    std::string_view scoped_name() const
    {
        if (scoped_name_)
            return scoped_name_;
        return {};
    }
    std::string_view description() const
    {
        if (description_)
            return description_;
        return {};
    }
    void* unk1;
    void* unk2;
    const char* double_null_terminated_param_list;//'\x00\x00'-terminated
    const char* class_name;
    void* unk3_func;
    void* actual_func;
    void* unk4;
    std::vector<std::string> get_params() const
    {
        std::vector<std::string> result{};
        if (double_null_terminated_param_list)
        {
            auto ptr = double_null_terminated_param_list;
            while (true)
            {
                std::string_view param{ ptr };
                if (param.empty())
                    break;
                ptr = param.data() + param.size() + sizeof('\x00');
                result.emplace_back(param);
            }
        }
        return result;
    }
};

struct CPanoramaGameScriptScope
{
    const char* class_name_;
    const char* class_name2_;
    const char* class_description_;
    std::string_view class_name() const
    {
        if (class_name_)
            return class_name_;
        return {};
    }
    std::string_view class_name2() const
    {
        if (class_name2_)
            return class_name2_;
        return {};
    }
    std::string_view class_description() const
    {
        if (class_description_)
            return class_description_;
        return {};
    }
    CPanoramaGameScriptScope* base_scope;
    CUtlVector<CPanoramaGameScriptFunction> functions;
};

//string xref ...ReferencedPtr
enum class EntityComponent_t : std::uint8_t
{
    ScriptComponent = 0,
    BodyComponentBaseModelEntity = 1,
    BodyComponentBaseAnimGraph = 2,
    PropDataComponent = 3,
    RenderComponent = 4,
    LightComponent = 5,
    HitboxComponent = 6,
    BodyComponentPoint = 7,
    BodyComponentSkeletonInstance = 8,
    BodyComponent = 9,
    _BodyComponentBaseAnimatingOverlay = 0xA,
    _BodyComponentBaseAnimating = 0xB,
};

const char* EntityComponent_t_NAMES[]
{
    "ScriptComponent",
    "BodyComponentBaseModelEntity",
    "BodyComponentBaseAnimGraph",
    "PropDataComponent",
    "RenderComponent",
    "LightComponent",
    "HitboxComponent",
    "BodyComponentPoint",
    "BodyComponentSkeletonInstance",
    "BodyComponent",
    "_BodyComponentBaseAnimatingOverlay",
    "_BodyComponentBaseAnimating",
};

const char* stringify_EntityComponent_t(std::uint8_t val)
{
    if (val >= std::size(EntityComponent_t_NAMES))
    {
        return "";
    }
    return EntityComponent_t_NAMES[val];
}

class CEntityClass
{
public:
    CPanoramaGameScriptScope* m_pPanoramaGameScriptScope; //0x0000
    EntInput_t* m_pInputs; //0x0008
    EntOutput_t* m_pOutputs; //0x0010
    uint32_t m_nInputCount; //0x0018
    uint32_t m_nOutputCount; //0x001C
    EntClassComponentOverride_t* m_pComponentOverrides; //0x0020
    CEntityClassInfo* m_pClassInfo; //0x0028
    CEntityClassInfo* m_pBaseClassInfo; //0x0030
    const char* m_designerName; //0x0038
    void* unk1;//0x40
    std::uint32_t m_flags;//0x48
    std::uint32_t m_nAllHelpersFlags;//0x4C
    CUtlVector<std::int16_t> m_ComponentOffsets; //0x0050
    CUtlVector<void*> m_AllHelpers; //0x0068
    void* BaseClassPlus80; //0x0080
    void* unk2;//0x0088
    datamapField* m_pDataMapFields;//0x0090
    void* unk4;//0x0098
    void* unk5;//0x00A0
    std::uint16_t m_iDataMapFieldCount;//0xA8
    std::uint16_t unk6;//0xAA
    std::uint16_t unk7;//0xAC
    std::uint16_t unk8;//0xAE
    const char* m_pszScopedName; //0x00B0
    FlattenedSerializerHandle_t* m_pFlattenedSerializer; //0x00B8
    CUtlVector<void*> EntInputMap_StringToEntInput_t;//0x00C0
    void* unk9;//0x00D8
    void* unk10;//0x00E0
    void* unk11;//0x00E8
    std::int32_t m_requiredEHandle;//0x00F0
    std::uint32_t pad;//0x00F4
    CEntityClass* m_pForwardLinkNextClass; //0x00F8
    CEntityIdentity* m_pNextClass; //0x0100
    CEntityClassNetworkInstance* m_pNetworkInstance; //0x0108
    auto inputs() const
    {
        return std::span{ m_pInputs, m_nInputCount };
    }
    auto outputs() const
    {
        return std::span{ m_pOutputs, m_nOutputCount };
    }
    auto datamap_fields() const
    {
        return std::span{ m_pDataMapFields, m_iDataMapFieldCount };
    }
};

class CEntityClassNetworkInstance
{
public:
    const char* m_pszClientName;
    const char* m_pszServerName;
    CEntityClass* m_pClass;
    const char* m_pszScopedName;
    FlattenedSerializerHandle_t* m_pSerializerHandle;
    std::int32_t m_ClassID;
    std::int32_t m_iRuntimeIndex;
    void* unk1;
    void* unk2;
};
class CEntityClassInfo
{
public:
    const char* m_pszClassname; //0x0000
    const char* m_pszCPPClassname; //0x0008
    const char* m_pszDescription; //0x0010
    CEntityClass* m_pClass; //0x0018
    CEntityClassInfo* m_pBaseClassInfo; //0x0020
    CSchemaClassBinding* m_pSchemaClassBinding; //0x0028
    void* m_pDataDescMap; //0x0030
    void* m_pPredDescMap; //0x0038
};

struct FlattenedSerializerHandle_t
{
    const char* m_pName;
    CFlattenedSerializer* serializer;
};

enum NetworkFieldChangeCallbackType : std::uint8_t
{
    OBJPTR_OBJPTR = 1,
    OBJPTR_OBJPTR_NEWVALUEPTR = 2,
    OBJPTR = 3,
    UNK_MOVRCX_MOVRDX_MOVR8D_MOVR9 = 4,
    UNK_MOVRCX_MOVRDX_MOVR8D = 5,
    UNK_MOVRCX_LEARDX = 6,
    UNK_MOVRCX_LEARDX_MOVR8 = 7,
};

struct NetworkFieldChangeCallback_t
{
    void* unk1{};
    void* fn_callback{};
    const char* name{};
    std::uint16_t unk2{};
    std::uint16_t unk3{};
    std::uint16_t unk4{};
    NetworkFieldChangeCallbackType callback_type{};
    std::uint8_t pad{};
    void* unk5{};
    std::uint32_t unk6{};
};

struct CFlattenedSerializer
{
    struct NetVarInfo
    {
        const char* name_;
        CSchemaClassBinding* type_binding;
        void* unk1;
        std::int16_t offset;
        std::int16_t maybe_flags1;
        std::int32_t maybe_flags2;
        void* unk2;
        void* unk3;
        void* unk4;
        void* unk5;
        std::int32_t unk6;
        std::int32_t unk7;
        void* unk8;
        void* unk9;
        void* unk10;
        CUtlVector<NetworkFieldChangeCallback_t>* m_pNetVarChangeCallbacks;
        void* unk11;
        void* unk12;
        void* unk13;
        void* unk14;
        const char* m_pClassName;
        const char* m_pNetvarTypeName;
        void* unk15;
        void* unk16;
        void* unk17;
        std::string_view name() const noexcept
        {
            if (name_)
                return { name_ };
            return {};
        }
        std::string_view type_name() const noexcept
        {
            if (m_pNetvarTypeName)
                return { m_pNetvarTypeName };
            return {};
        }
    };

    const char* m_pName;
    CSchemaClassBinding* m_pSchemaClassBinding;
    CUtlVector<NetVarInfo*> netvars;
};

списки классов есть либо в CNetworkGameClient, либо в CEntity2NetworkClasses(указатель на нее есть в CGameEntitySystem, на 0x1538 вроде).
нетворк сериалайзеры есть либо в CFlattenedSerializers, либо в ентити классах.
прежде всего можно регать свои коллбеки на изменение нетвара или менять оффсеты нетваров(дота берет оффсеты из нетворк сериалазйеров), например для того же вбе
PoC вбе(особо не тестил но вроде работает)

C++:

struct test_cb
{
    CUtlVector<NetworkFieldChangeCallback_t> vec{};
    NetworkFieldChangeCallback_t cb{};

    test_cb(const char* name, void* fn)
    {
        vec.capacity = 1;
        vec.data = &cb;
        vec.size = 1;
        cb.name = name;
        cb.fn_callback = fn;
        cb.callback_type = NetworkFieldChangeCallbackType::OBJPTR_OBJPTR_NEWVALUEPTR;
    }
};
void(*ConMsg)(const char*, ...) = nullptr;
test_cb cb
{
    "MyTestCallback",
    +[](void* entity, void* _, std::uint32_t* new_val)
    {
        ConMsg("entity 0x%p value %d\n", entity, *new_val);
    }
};
...
    for (const auto& ni : nc)
    {
        if (ni && ni->m_pszClientName && ni->m_pClass)
        {
            const auto& cls = *ni->m_pClass;
            if (cls.m_pFlattenedSerializer)
            {
                if (cls.m_pFlattenedSerializer->serializer)
                {
                    const auto& netvars = cls.m_pFlattenedSerializer->serializer->netvars.span();
                    if (!netvars.empty())
                    {
                        for (const auto& netvar : netvars)
                        {
                            if (netvar)
                            {
                                if (!netvar->name().empty())
                                {
                                    if (netvar->name() == "m_iTaggedAsVisibleByTeam")
                                    {
                                        netvar->m_pNetVarChangeCallbacks = &cb.vec;
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
    }

Liberalist · 26 Авг 2024

Fri Aug 23 2024

Пожалуйста, авторизуйтесь для просмотра ссылки.

Liberalist · 19 Фев 2025

Liberalist написал(а):
дерьмодампер шемы и ртти оффлайн POC качества(на доту работает на ксго вроде тоже)
shitcode:

Пожалуйста, авторизуйтесь для просмотра ссылки.
если вкратце то регистрация в шеме происходит через CSchemaRegistration_blablabla классы в модулях, эти классы имеют у себя виртуальную функцию RegisterAllBindings. эта функция состоит из двух фаз - предварительной и финальной;
биндинги на диске хранят всё кроме типов - типы заполняются из RegisterAllBindings(изза этого нельзя просто с диска(ну т.е. из самого .dll файла без его прогрузки) брать биндинги и дампить их - ну точнее можно(ток их сначала еще идентифицировать тогда придется) но тогда не будет инфы о типах нетваров никакой - только имена оффсеты мета и прочая хуита)
следовательно надо грузить .dll'ки и вызывать у них эти RegisterAllBindings - здесь можно либо частично ммапить без импортов без нихуя(хотя это не на всех версиях доты работает - на некоторых импорты вызываются(следовательно их тоже либо эмулировать либо грузить)) и эмулировать шема систему(ну это хуйня идея слишком много работы и слишком нестабильно между версиями), либо просто нормально полноценно грузить официальную schemasystem.dll и остальные модули тоже нормально грузить, и потом уже доставать либо из шема системы всю инфу(нестабильно между версиями) либо просто абузить тот факт что всё пролетает через стабильные CSchemaSystemTypeScope::InstallSchemaClassBinding(0 index) и CSchemaSystemTypeScope::InstallSchemaEnumBinding(1 index). собственно весь дампер держится на этих двух хуках(вмт по ртти находится)
существует две "мажорные" версии шемы - 2015-2019 и 2019+ (между ними еще есть 2018-2019 кусочек который похож на 2019+ но чуть чуть отличается я его скипнул там ~6 месяцев всего лишь он жил или меньше даже). разница между этими версиями это сами структуры биндингов и того что они содержат(члены, мета, типы и тд) и порядок параметров в InstallSchemaClassBinding/InstallSchemaEnumBinding.
дллки грузятся, хукаются InstallSchemaClassBinding/InstallSchemaEnumBinding в шеме, вызывается экспорт у каждого из модулей InstallSchemaBindings(это грубо говоря просто g_pInterfaceGlobals._g_pSchemaSystem = addr_of_CSchemaSystem и foreach(CSchemaRegistration_blablabla) RegisterAllBindings). все что пролетает через хуки трансформируется в стабильный вид и сохраняется в список, потом после того как всё зарегалось по списку идут фиксы(например инфа(размер и выравнивание) о некоторых типах недоступна изначально(при первичной регистрации) и такие инвалидные типы фиксятся после того как всё зарегалось, за исключением ~11 типов которых в шеме просто нет(~4/5 штук) или нет в конкретно данных версиях но есть в следующих/предыдущих - они остаются как есть с 0 размером и выравниванием, родители фиксятся(родители должны быть в локальном масштабе, а шема может на указывать дубликаты из другого масштаба в качестве родителей(ну это токо для дампа фулл иерархии))) потом запись всей этой хуйни на диск. единственная "нестабильность" это вызов GetSizeAndAlign у которого индекс нестабильный но он не захардкожен а ищется сканом так что все работает вроде нормально на доту(42 версии проверил 2015-2024) и кс2(8 версий 2023-2024)
если кому-то нужны one-liner'ы компиляции то:
MSVC: x64 Native Tools Command Prompt for VS 2022(в пуске есть)
cl /std:c++latest /O2 /EHsc schema_dumper.cpp
Clang-cl:
clang-cl /std:c++latest /O2 /EHsc schema_dumper.cpp

update 2025
убрали инфу о статик мемберах насколько я понял

Пожалуйста, авторизуйтесь для просмотра ссылки.

заодно дамп от Wed Feb 19 2025 05:23:21

Пожалуйста, авторизуйтесь для просмотра ссылки.

dotakoder · 20 Фев 2025

Liberalist написал(а):
update 2025
убрали инфу о статик мемберах насколько я понял

Пожалуйста, авторизуйтесь для просмотра ссылки.
заодно дамп от Wed Feb 19 2025 05:23:21

Пожалуйста, авторизуйтесь для просмотра ссылки.

m_vecAbilities теперь вместо m_hAbilities походу

Внутри самой сущности появился новый указатель на класс CEntitySharedGapSignature

Trna · 23 Фев 2025

CResourceSystem::FindOrRegisterResourceByName -> 31
GetAbilityTextureName -> 226
GetDamage -> 319
GetEffectiveCastRange -> 281
GetAttackRange -> 303
GetPhyisicalArmor -> 306
GetMagicalArmor -> 307

CDOTAParticleManager -> CUtlVector particles -> 0x98
handle -> 0xE8

also SchemaClassInfoData_t->ParentInfo changed from 0x38 to 0x30.

m_hAbilities -> m_vecAbilities:

Код:

 auto hAbilities = MemberInline<CUtlVector<ENT_HANDLE>>(Netvars["C_DOTA_BaseNPC"]["m_vecAbilities"]);
auto ability = Interfaces::EntitySystem->GetEntity<CDOTABaseAbility>(H2IDX(hAbilities->at(idx)));

devmomo · 26 Окт 2025

hello guys i was asking about what if i only can code in python and nodejs and i wanna know how to get some functions or i wanna understand the whole system

so i was thinking of doing something external that doesnt need me to keep closing and reopening dota to try things

like i wanna try to get somethings into debugging the game with the help of RTTI (which is something i learned on the youtube) what do u guys recommend?

like if i can dumb all the classes based on the rtti using nodejs or python then using the addresses in reclass ( which something i saw on the youtube but i dont really know much about it ) or even ghedra or IDA

again please take in mind that i dont wanna learn cpp i just wanna understand the game with the help of nodejs or python

and sorry for the long comment

Liberalist · 26 Окт 2025

devmomo написал(а):
hello guys i was asking about what if i only can code in python and nodejs and i wanna know how to get some functions or i wanna understand the whole system

so i was thinking of doing something external that doesnt need me to keep closing and reopening dota to try things

like i wanna try to get somethings into debugging the game with the help of RTTI (which is something i learned on the youtube) what do u guys recommend?

like if i can dumb all the classes based on the rtti using nodejs or python then using the addresses in reclass ( which something i saw on the youtube but i dont really know much about it ) or even ghedra or IDA

again please take in mind that i dont wanna learn cpp i just wanna understand the game with the help of nodejs or python

and sorry for the long comment

you'll need to learn C(++) and its inner workings either way, at least to understand how stuff works at the lower levels(everything uses C(++) to some extent internally, even the python or javascript you love so much are written in C(++)), and also because the game(dota) is written in C++(and likewise, if you were making a minecraft cheat, you'd need to learn java and its inner workings; if you were making a cheat for a C# game, you'd need to learn how C# works etc. - you choose your tools based on your target, there's no universal solution).
you can use whatever you want, as long as it has some interoperability with C(python, javascript, java, and basically every other language all have it), but you're still going to be working with C(and the target language(in case of dota it's C++)) and you'll still need to know/understand how C works and how computers and programming works in general to do anything meaningful.
FYI, python(and any other language that does not directly expose C linkage/asm/other low-level stuff, e.g. javascript or java or any other scripted/non-native language) on its own, without C bindings, is literally worthless.
you can't even print something to console using python, because python simply doesn't provide any way to do it(there's no syscalls, C linkage, asm etc.).
and before you say anything about the built-in print function, well, it's written in C:

Пожалуйста, авторизуйтесь для просмотра ссылки.

it's not a python function, it's an actual C function just registered within python's VM under the name "print", and whenever python encounters that name, it goes and invokes the corresponding C code(and you can't do what that function does in pure python(without any bindings whatsoever), that's why it's written in C, surely the developers of python(rather, its standard implementation, CPython) didn't do that for fun?)
yes, you can call C code from python(and that's the only reason the language even works at all), but don't forget that the code that does the heavy lifting is written in C, not in python. python only does insignificant lightweight stuff and outsources everything meaningful to C(that's why such languages are called scripted languages).
the same goes for javascript and all other non-native languages. C(and C++) actually directly expose C linkage, asm and other low-level facilities and that's why they are actually capable of doing stuff on their own. other languages simply have an interoperability layer with C, and outsource everything meaningful to C(what they do is actually pretty smart and other native languages also do that, but unfortunately, specifically C++ chose compatibility with C instead of interoperability with C and that's why it fucking sucks so much, it's literally C with two pluses and C is garbage - but you get what you get).
there are, of course, C bindings for python that can be used for working with processes, virutal memory, all kinds of system APIs etc., but to properly utilize them you'd still need to understand C and its inner workings to some extent.
the bottom line is that you at least need knowledge of C(++)'s inner workings(for interacting with the platform and for interacting with the target). even the RTTI you speak of is a C++ feature and if you don't know how C++(and C) works internally then you're going to have trouble understanding how RTTI works and how and when to (ab)use it.
you won't get very far with your "only nodejs and python" mindset(you need to know C(and its inner workings, first and foremost) either way, even if you don't use it directly).
the firmware of your hardware is written in C, your bootloader is written in C, your OS is written in C(++), the drivers for the keyboard you type with are written in C, your CPython(the python.exe that you run your python code with) is written in C, your V8(google's javascript engine used in nodejs) is written in C(++), your browser is written in C(++), some of your games are written in C(++), even C(++) itself is written in C(++) (old/previous versions of the language are used to implement compilers for newer versions of the language). you can't avoid C(++) if you touch any of these things at lower levels. if you're making a mod for a game then yeah you don't usually need to touch any C(++) stuff, but a cheat is way more low-level(and thus more powerful, and also way more unsanctioned, unofficial and less legitimate) than a mod.
this doesn't mean that C is good(it isn't) or that python is bad or whatever, but if you're going to dive into this shit then you'll have to learn to swim

devmomo · 26 Окт 2025

Liberalist написал(а):
you'll need to learn C(++) and its inner workings either way, at least to understand how stuff works at the lower levels(everything uses C(++) to some extent internally, even the python or javascript you love so much are written in C(++)), and also because the game(dota) is written in C++(and likewise, if you were making a minecraft cheat, you'd need to learn java and its inner workings; if you were making a cheat for a C# game, you'd need to learn how C# works etc. - you choose your tools based on your target, there's no universal solution).
you can use whatever you want, as long as it has some interoperability with C(python, javascript, java, and basically every other language all have it), but you're still going to be working with C(and the target language(in case of dota it's C++)) and you'll still need to know/understand how C works and how computers and programming works in general to do anything meaningful.
FYI, python(and any other language that does not directly expose C linkage/asm/other low-level stuff, eg javascript or java or any other scripted/non-native language) on its own, without C bindings, is literally worthless.
you can't even print something to console using python, because python simply doesn't provide any way to do it(there's no syscalls, C linkage, asm etc.).
and before you say anything about the built-in printfunction, well, it's written in C:

Пожалуйста, авторизуйтесь для просмотра ссылки.
Пожалуйста, авторизуйтесь для просмотра ссылки.
it's not a python function, it's an actual C function just registered within python's VM under the name "print", and whenever python encounters that name, it goes and invokes the corresponding C code(and you can't do what that function does in pure python(without any bindings whatsoever), that's why it's written in C, surely the developers of python(rather, its standard implementation, CPython) didn't do that for fun?)
yes, you can call C code from python(and that's the only reason the language even works at all), but don't forget that the code that does the heavy lifting is written in C, not in python. python only does insignificant lightweight stuff and outsources everything meaningful to C(that's why such languages are called scripted languages).
the same goes for javascript and all other non-native languages. C(and C++) actually directly expose C linkage, asm and other low-level facilities and that's why they are actually capable of doing stuff on their own. other languages simply have an interoperability layer with C, and outsource everything meaningful to C(what they do is actually pretty smart and other native languages also do that, but unfortunately, specifically C++ chose compatibility with C instead of interoperability with C and that's why it fucking sucks so much, it's literally C with two pluses and C is garbage - but you get what you get).
there are, of course, C bindings for python that can be used for working with processes, virutal memory, all kinds of system APIs etc., but to properly utilize them you'd still need to understand C and its inner workings to some extent.
the bottom line is that you at least need knowledge of C(++)'s inner workings(for interacting with the platform and for interacting with the target). even the RTTI you speak of is a C++ feature and if you don't know how C++(and C) works internally then you're going to have trouble understanding how RTTI works and how and when to (ab)use it.
you won't get very far with your "only nodejs and python" mindset(you need to know C(and its inner workings, first and foremost) either way, even if you don't use it directly).
the firmware of your hardware is written in C, your bootloader is written in C, your OS is written in C(++), the drivers for the keyboard you type with are written in C, your CPython(the python.exe that you run your python code with) is written in C, your V8(google's javascript engine used in nodejs) is written in C(++), your browser is written in C(++), some of your games are written in C(++), even C(++) itself is written in C(++) (old/previous versions of the language are used to implement compilers for newer versions of the language). you can't avoid C(++) if you touch any of these things at lower levels. if you're making a mod for a game then yeah you don't usually need to touch any C(++) stuff, but a cheat is way more low-level(and thus more powerful, and also way more unsanctioned, unofficial and less legitimate) than a mod.
this doesn't mean that C is good(it isn't) or that python is bad or whatever, but if you're going to dive into this shit then you'll have to learn to swim

wow, thanks a lot for this good comment i knew that python js ts are converting to machine code but i dont have the ability to develop with C++ ( i have some basic knowledge but not much)
i just cant and dont know how to debug dota because there is some crashes happens when i try to attach visual studio to dota

i saw somewhere that the companies are doing that to prevent the users from debugging the game but to make this possible you need to prevent this function from working and this is hard for me cuz i dont know how can i find code and how can i reverse engineer

thats why i tried to focus on creating a cheat using the data you guys have here in the forum but with nodejs or python

because i don't know how to reverse engineer anything, could you please redirect me to the right path please?

1 more question please if i managed to get signatures for most of things do u think i can called functions related to the game
like createMove ( i dont know if dota has createmove or not ) etc ...

Liberalist · 27 Окт 2025

devmomo написал(а):
wow, thanks a lot for this good comment i knew that python js ts are converting to machine code but i dont have the ability to develop with C++ ( i have some basic knowledge but not much)
i just cant and dont know how to debug dota because there is some crashes happens when i try to attach visual studio to dota

i saw somewhere that the companies are doing that to prevent the users from debugging the game but to make this possible you need to prevent this function from working and this is hard for me cuz i dont know how can i find code and how can i reverse engineer

thats why i tried to focus on creating a cheat using the data you guys have here in the forum but with nodejs or python

because i don't know how to reverse engineer anything, could you please redirect me to the right path please?

1 more question please if i managed to get signatures for most of things do u think i can called functions related to the game
like createMove ( i dont know if dota has createmove or not ) etc ...

it's not about machine code or whatever. it's about whether or not the language itself exposes the necessary low-level functionality. doesn't matter if it's an interpreted language(C(++) can be interpreted too) or a compiled language(python and javascript can be compiled to asm too(though you'll still need the runtime))(in the first place, there is no such thing as an interpreted or compiled "language" - there's only interpreted and compiled IMPLEMENTATIONS of the language's abstract machine). scripted languages literally aren't designed for doing any low-level stuff directly(only through C bindings) - not because this isn't possible in theory, but because the authors simply did not add such features to the language(deliberately, to keep the language simple and "safe"(from people who don't know what they're doing)). it's a design choice.

no dota doesn't really have any anti-debug facilities, it's a relatively "friendly" game when it comes to reverse-engineering, you're just doing something wrong. and visual studio is mostly a source-level debugger, it has weak assembly-level debugging functionality. you need a decent assembly-level debugger for reverse engineering(x64dbg, cheat engine, whatever else) and some static analysis tools(IDA etc.)

if you want to simulate player actions(e.g. move somewhere, attack somewhere), dota has PrepareUnitOrders instead of createmove, but you absolutely can't use nodejs/python for that kind of stuff(that stuff is for internal cheats only(though of course you could embed v8/cpython/lua into your internal cheat and add bindings and then you'll be able to do that but you still need an internal cheat written in e.g. C(++) or some other language that doesn't need some heavy runtime and exposes enough low-level facilities; the scripts would just be some extra cherry on top and you could do without them, they'd just call upon your main C(++) code for 90% of their functionality))(for external cheats you'll just have to simulate mouse input)

in either case, you'll need reverse engineering/low-level knowledge and C(++) knowledge(at least for dota)

devmomo · 27 Окт 2025

Liberalist написал(а):
it's not about machine code or whatever. it's about whether or not the language itself exposes the necessary low-level functionality. doesn't matter if it's an interpreted language(C(++) can be interpreted too) or a compiled language(python and javascript can be compiled to asm too(though you'll still need the runtime))(in the first place, there is no such thing as an interpreted or compiled "language" - there's only interpreted and compiled IMPLEMENTATIONS of the language's abstract machine). scripted languages literally aren't designed for doing any low-level stuff directly(only through C bindings) - not because this isn't possible in theory, but because the authors simply did not add such features to the language(deliberately, to keep the language simple and "safe"(from people who don't know what they're doing)). it's a design choice.

no dota doesn't really have any anti-debug facilities, it's a relatively "friendly" game when it comes to reverse-engineering, you're just doing something wrong. and visual studio is mostly a source-level debugger, it has weak assembly-level debugging functionality. you need a decent assembly-level debugger for reverse engineering(x64dbg, cheat engine, whatever else) and some static analysis tools(IDA etc.)

if you want to simulate player actions(eg move somewhere, attack somewhere), dota has PrepareUnitOrders instead of createmove, but you absolutely can't use nodejs/python for that kind of stuff(that stuff is for internal cheats only(though of course you could embed v8/cpython/lua into your internal cheat and add bindings and then you'll be able to do that but you still need an internal cheat written in eg C(++) or some other language that doesn't need some heavy runtime and exposes enough low-level facilities; the scripts would just be some extra cherry on top and you could do without them, they'd just call upon your main C(++) code for 90% of their functionality))(for external cheats you'll just have to simulate mouse input)

in either case, you'll need reverse engineering/low-level knowledge and C(++) knowledge(at least for dota)

thanks a lot

Гайд Продолжение серии. шема(оффсеты)+локал игрок

Похожие темы