from lib import *

from numpy import array, float32, linalg, cross, dot, reshape

from math import sqrt, pi
from ctypes import windll, byref, Structure, wintypes
from time import time, sleep
from threading import Thread
from subprocess import Popen, PIPE
from os import path
import [Link] as dpg
from [Link] import ProcessError
import sys
import random
import string
from [Link] import is_64_bit, list_processes

# Ensure we have a pymem Pymem instance available as `pm`.

# Prefer pm exported by a local lib module, fall back to creating one directly.
try:
from lib import pm
except Exception:
try:
from pymem import Pymem
pm = Pymem()
except Exception:
pm = None

def DRP(address: int | str) -> int:

if isinstance(address, str):
address = int(address, 16)
return int.from_bytes(pm.read_bytes(address, 8), "little")

pi180 = pi/180

aimbot_enabled = False
esp_enabled = False
esp_ignoreteam = False
esp_ignoredead = False
aimbot_ignoreteam = False
aimbot_ignoredead = False
aimbot_keybind = 2
aimbot_mode = "Hold"
aimbot_toggled = False
waiting_for_keybind = False
injected = False

VK_CODES = {
'Left Mouse': 1,
'Right Mouse': 2,
'Middle Mouse': 4,
'X1 Mouse': 5,
'X2 Mouse': 6,
'F1': 112, 'F2': 113, 'F3': 114, 'F4': 115, 'F5': 116, 'F6': 117,
'F7': 118, 'F8': 119, 'F9': 120, 'F10': 121, 'F11': 122, 'F12': 123,
'A': 65, 'B': 66, 'C': 67, 'D': 68, 'E': 69, 'F': 70, 'G': 71,
'H': 72, 'I': 73, 'J': 74, 'K': 75, 'L': 76, 'M': 77, 'N': 78,
'O': 79, 'P': 80, 'Q': 81, 'R': 82, 'S': 83, 'T': 84, 'U': 85,
'V': 86, 'W': 87, 'X': 88, 'Y': 89, 'Z': 90,
'Shift': 16, 'Ctrl': 17, 'Alt': 18, 'Space': 32,
 'Enter': 13, 'Tab': 9, 'Caps Lock': 20
}

def get_key_name(vk_code):
for name, code in VK_CODES.items():
if code == vk_code:
return name
return f"Key {vk_code}"

def generate_random_title():
"""Generate a random title with 24 characters (letters and numbers, mixed
case)"""
characters = string.ascii_letters + [Link]
return ''.join([Link](characters) for _ in range(24))

def title_changer():
"""Background"""
while True:
try:
new_title = generate_random_title()
dpg.configure_item("Primary Window", label=new_title)
dpg.set_viewport_title(new_title)
except:
pass
# reduce CPU usage; adjust to taste (0.05s is reasonable)
sleep(0.05)

def normalize(vec):
norm = [Link](vec)
return vec / norm if norm != 0 else vec

def cframe_look_at(from_pos, to_pos):

from_pos = array(from_pos, dtype=float32)
to_pos = array(to_pos, dtype=float32)

look_vector = normalize(to_pos - from_pos)

up_vector = array([0, 1, 0], dtype=float32)

if abs(look_vector[1]) > 0.999:

up_vector = array([0, 0, -1], dtype=float32)

right_vector = normalize(cross(up_vector, look_vector))

recalculated_up = cross(look_vector, right_vector)

return look_vector, recalculated_up, right_vector

print('Using local offsets...')

offsets = {

"RobloxVersion": "Roblox Version: version-c1ac69007bdc4e48",

"ByfronVersion": "Byfron Version: ???",
"Adornee": "0xD8",
"Anchored": "0x2E5",
"AnchoredMask": "0x2",
"AnimationId": "0xD8",
"AttributeList": "0x38",
"AttributeList2": "0x18",
"AttributeToNext": "0x58",
"AttributeToValue": "0x10",
"AutoJumpEnabled": "0x1E3",
"BeamBrightness": "0x198",
"BeamColor": "0x128",
"BeamLightEmission": "0x1A4",
"BeamLightInfuence": "0x1A8",
"Camera": "0x450",
"CameraMaxZoomDistance": "0x2C8",
"CameraMinZoomDistance": "0x2CC",
"CameraMode": "0x2D0",
"CameraPos": "0x124",
"CameraRotation": "0x100",
"CameraSubject": "0xF0",
"CameraType": "0x160",
"CanCollide": "0x2E5",
"CanTouch": "0x2E5",
"CanCollideMask": "0x8",
"CanTouchMask": "0x10",
"CharacterAppearanceId": "0x270",
"Children": "0x68",
"ChildrenEnd": "0x8",
"ClassDescriptor": "0x18",
"ClassDescriptorToClassName": "0x8",
"ClickDetectorMaxActivationDistance": "0x108",
"ClockTime": "0x1C0",
"CreatorId": "0x190",
"DataModelDeleterPointer": "0x7097020",
"DataModelPrimitiveCount": "0x410",
"DataModelToRenderView1": "0x1D8",
"DataModelToRenderView2": "0x8",
"DataModelToRenderView3": "0x28",
"DecalTexture": "0x1A0",
"Deleter": "0x10",
"DeleterBack": "0x18",
"Dimensions": "0x720",
"DisplayName": "0x118",
"EvaluateStateMachine": "0x1E3",
"FOV": "0x168",
"FakeDataModelPointer": "0x7097018",
"FakeDataModelToDataModel": "0x1C0",
"FogColor": "0x104",
"FogEnd": "0x13C",
"FogStart": "0x140",
"ForceNewAFKDuration": "0x1F8",
"FramePositionOffsetX ": "0x4B4",
"FramePositionOffsetY": "0x4BC",
"FramePositionX": "0x4B0",
"FramePositionY": "0x4B8",
"FrameRotation": "0x190",
"FrameSizeX": "0x120",
"FrameSizeY": "0x124",
"GameId": "0x198",
"GameLoaded": "0x680",
"Gravity": "0x998",
"Health": "0x19C",
"HealthDisplayDistance": "0x2F0",
"HipHeight": "0x1A8",
"HumanoidDisplayName": "0xD8",
"HumanoidState": "0x870",
"HumanoidStateId": "0x20",
"InputObject": "0x108",
"InsetMaxX": "0x108",
"InsetMaxY": "0x10C",
"InsetMinX": "0x100",
"InsetMinY": "0x104",
"InstanceCapabilities": "0x380",
"JobEnd": "0x1D8",
"JobId": "0x140",
"JobStart": "0x1D0",
"Job_Name": "0x18",
"JobsPointer": "0x7167700",
"JumpPower": "0x1B8",
"LocalPlayer": "0x128",
"LocalScriptByteCode": "0x1B0",
"LocalScriptBytecodePointer": "0x10",
"LocalScriptHash": "0x1C0",
"MaterialType": "0x0",
"MaxHealth": "0x1BC",
"MaxSlopeAngle": "0x1C0",
"MeshPartColor3": "0x1C4",
"ModelInstance": "0x338",
"ModuleScriptByteCode": "0x158",
"ModuleScriptBytecodePointer": "0x10",
"ModuleScriptHash": "0x170",
"MoonTextureId": "0x5E0",
"MousePosition": "0xF4",
"MouseSensitivity": "0x710c714",
"MoveDirection": "0x160",
"Name": "0x88",
"NameDisplayDistance": "0x2FC",
"NameSize": "0x10",
"OnDemandInstance": "0x30",
"OutdoorAmbient": "0x110",
"Parent": "0x58",
"PartSize": "0x23C",
"Ping": "0xD0",
"PlaceId": "0x1A0",
"PlayerConfigurerPointer": "0x7073D70",
"PlayerMouse": "0xC98",
"Position": "0x154",
"Primitive": "0x178",
"PrimitiveGravity": "0x0",
"PrimitiveValidateValue": "0x6",
"PrimitivesPointer1": "0x3D8",
"PrimitivesPointer2": "0x210",
"ProximityPromptActionText": "0xD8",
"ProximityPromptEnabled": "0x15E",
"ProximityPromptGamepadKeyCode": "0x144",
"ProximityPromptHoldDuraction": "0x148",
"ProximityPromptMaxActivationDistance": "0x150",
"ProximityPromptMaxObjectText": "0xF8",
"RenderJobToDataModel": "0x1B0",
"RenderJobToFakeDataModel": "0x38",
"RenderJobToRenderView": "0x218",
"RequireBypass": "0x828",
"RigType": "0x1D0",
"Rotation": "0x138",
"RunContext": "0x150",
"ScriptContext": "0x3D0",
 "Sit": "0x1E3",
"SkyboxBk": "0x108",
"SkyboxDn": "0x130",
"SkyboxFt": "0x158",
"SkyboxLf": "0x180",
"SkyboxRt": "0x1A8",
"SkyboxUp": "0x1D0",
"SoundId": "0xE8",
"StarCount": "0x228",
"StringLength": "0x10",
"SunTextureId": "0x6F8",
"TagList": "0x0",
"TaskSchedulerMaxFPS": "0x1B0",
"TaskSchedulerPointer": "0x7167520",
"Team": "0x258",
"TeamColor": "0xD8",
"Tool_Grip_Position": "0x46C",
"Transparency": "0xF8",
"UserId": "0x280",
"Value": "0xD8",
"Velocity": "0x160",
"ViewportSize": "0x2F0",
"VisualEngine": "0x10",
"VisualEnginePointer": "0x6DEC860",
"VisualEngineToDataModel1": "0x700",
"VisualEngineToDataModel2": "0x1C0",
"WalkSpeed": "0x1DC",
"WalkSpeedCheck": "0x3B8",
"Workspace": "0x180",
"WorkspaceToWorld": "0x3D8",
"viewmatrix": "0x4B0"

# define a minimal setOffsets early so the top-level try/except call works

def setOffsets(nameOffset2: int, childrenOffset2: int):
global nameOffset, childrenOffset
nameOffset = nameOffset2
childrenOffset = childrenOffset2

try:
setOffsets(int(offsets['Name'], 16), int(offsets['Children'], 16))
except Exception:
pass

class RECT(Structure):
_fields_ = [('left', [Link]), ('top', [Link]), ('right',
[Link]), ('bottom', [Link])]

class POINT(Structure):
_fields_ = [('x', [Link]), ('y', [Link])]

def find_window_by_title(title):
return [Link](None, title)

def get_client_rect_on_screen(hwnd):
rect = RECT()
if [Link](hwnd, byref(rect)) == 0:
return 0, 0, 0, 0
 top_left = POINT([Link], [Link])
bottom_right = POINT([Link], [Link])
[Link](hwnd, byref(top_left))
[Link](hwnd, byref(bottom_right))
return top_left.x, top_left.y, bottom_right.x, bottom_right.y

def world_to_screen_with_matrix(world_pos, matrix, screen_width, screen_height):

vec = array([*world_pos, 1.0], dtype=float32)
clip = dot(matrix, vec)
if clip[3] == 0: return None
ndc = clip[:3] / clip[3]
if ndc[2] < 0 or ndc[2] > 1: return None
x = (ndc[0] + 1) * 0.5 * screen_width
y = (1 - ndc[1]) * 0.5 * screen_height
return round(x), round(y)

baseAddr = 0
camAddr = 0
dataModel = 0
wsAddr = 0
camCFrameRotAddr = 0
plrsAddr = 0
lpAddr = 0
matrixAddr = 0
camPosAddr = 0
esp = None
target = 0

def get_raw_processes():
return [[
[Link], [Link], [Link], [Link],
[Link], [Link], i.th32DefaultHeapID,
i.th32ModuleID, i.th32ParentProcessID, i.th32ProcessID
] for i in list_processes()]

def simple_get_processes():
return [{"Name": i[5].decode(), "Threads": i[0], "ProcessId": i[9]} for i in
get_raw_processes()]

def yield_for_program(program_name: str, printInfo: bool = True) -> bool:

global PID, Handle, baseAddr, pm
for proc in simple_get_processes():
if proc["Name"] == program_name:
pm.open_process_from_id(proc["ProcessId"])
PID = proc["ProcessId"]
Handle = [Link](0x1038, False, PID)
if printInfo:
print('Roblox PID:', PID)
for module in pm.list_modules():
if [Link] == "[Link]":
baseAddr = [Link]
break
if printInfo:
print(f'Roblox base addr: {baseAddr:x}')
return True
return False

def get_base_addr() -> int:

return baseAddr
def FindFirstChildOfClass(instance: int, class_name: str) -> int:
if not instance:
return 0

start = DRP(instance + childrenOffset)

if start == 0:
return 0
end = DRP(start + 8)
current = DRP(start)
for _ in range(9000):
if current == end:
break
child = pm.read_longlong(current)
try:
if GetClassName(child) == class_name:
return child
except:
pass
current += 0x10
return 0

def FindFirstChildByName(instance: int, name: str) -> int:

if not instance:
return 0
start = DRP(instance + childrenOffset)
if start == 0:
return 0
end = DRP(start + 8)
current = DRP(start)
for _ in range(9000):
if current == end:
break
child = pm.read_longlong(current)
try:
if GetName(child) == name:
return child
except:
pass
current += 0x10
return 0

def ReadRobloxString(expected_address: int) -> str:

string_count = pm.read_int(expected_address + 0x10)
if string_count > 15:
ptr = DRP(expected_address)
return pm.read_string(ptr, string_count)
return pm.read_string(expected_address, string_count)

def GetNameAddress(instance: int) -> int:

return DRP(instance + nameOffset)

def GetName(instance: int) -> str:

return ReadRobloxString(GetNameAddress(instance))

def GetChildren(instance: int) -> list:

if not instance:
return []
 children = []
start = DRP(instance + childrenOffset)
if start == 0:
return []
end = DRP(start + 8)
current = DRP(start)
for _ in range(9000):
if current == end:
break
[Link](pm.read_longlong(current))
current += 0x10
return children

def background_process_monitor():
global baseAddr
while True:
if is_process_dead():
while not yield_for_program("[Link]"):
sleep(0.5)
baseAddr = get_base_addr()
sleep(0.1)

# background monitor will be started later in __main__ after helper funcs are
defined
# Thread(target=background_process_monitor, daemon=True).start()

def show_main_features():
"""Show main features after injection delay and hide injector"""

dpg.hide_item("injector_text")
dpg.hide_item("inject_button")

dpg.show_item("main_features_text")
dpg.show_item("aimbot_checkbox")
dpg.show_item("esp_checkbox")
dpg.show_item("spacer1")
dpg.show_item("separator1")
dpg.show_item("spacer2")

def init():
global dataModel, wsAddr, camAddr, camCFrameRotAddr, plrsAddr, lpAddr,
matrixAddr, camPosAddr, injected, baseAddr, pm

# Ensure pymem instance

if pm is None:
try:
from pymem import Pymem
pm = Pymem()
except Exception:
print("Pymem not available. Install pymem and try again.")
return

# Try to attach to Roblox if we don't have a base address yet

if not baseAddr:
attached = yield_for_program("[Link]", True)
if not attached:
 print("Roblox process not found. Start [Link] and then
click Inject.")
return
baseAddr = get_base_addr()

try:
fakeDatamodel = pm.read_longlong(baseAddr +
int(offsets['FakeDataModelPointer'], 16))
print(f'Fake datamodel: {fakeDatamodel:x}')

dataModel = pm.read_longlong(fakeDatamodel +
int(offsets['FakeDataModelToDataModel'], 16))
print(f'Real datamodel: {dataModel:x}')

wsAddr = pm.read_longlong(dataModel + int(offsets['Workspace'], 16))

print(f'Workspace: {wsAddr:x}')

camAddr = pm.read_longlong(wsAddr + int(offsets['Camera'], 16))

camCFrameRotAddr = camAddr + int(offsets['CameraRotation'], 16)
camPosAddr = camAddr + int(offsets['CameraPos'], 16)

visualEngine = pm.read_longlong(baseAddr +
int(offsets['VisualEnginePointer'], 16))
matrixAddr = visualEngine + int(offsets['viewmatrix'], 16)
print(f'Matrix: {matrixAddr:x}')

# prefer finding by name because class name lookup can be unreliable across
versions
plrsAddr = FindFirstChildByName(dataModel, 'Players') or
FindFirstChildOfClass(dataModel, 'Players')
print(f'Players: {plrsAddr:x}')
# try to read LocalPlayer pointer from the Players service
try:
lpAddr = 0
if plrsAddr:
lpAddr = pm.read_longlong(plrsAddr + int([Link]('LocalPlayer',
'0'), 16))
print(f'LocalPlayer: {lpAddr:x}')
except Exception:
lpAddr = 0
print('LocalPlayer: 0 (could not read)')

# Debug: print Players children (addr, name, UserId, ModelInstance)

try:
children = GetChildren(plrsAddr)
print(f'Players children count: {len(children)}')
userIdOff = int([Link]('UserId', '0'), 16)
modelOff = int([Link]('ModelInstance', '0'), 16)
for i, c in enumerate(children):
try:
name = GetName(c)
except Exception:
name = '<unknown>'
try:
uid = pm.read_int(c + userIdOff)
except Exception:
uid = None
try:
model = pm.read_longlong(c + modelOff)
 except Exception:
model = 0
print(f'[{i}] addr: {c:x} name: {name!r} UserId: {uid} Model:
{model:x}')

# Extra debug: read head world position and project to screen

try:
if matrixAddr and matrixAddr != 0:
# build view-projection matrix
matrix_flat = [pm.read_float(matrixAddr + i*4) for i in
range(16)]
view_proj = reshape(array(matrix_flat, dtype=float32), (4,4))
else:
view_proj = None
hwnd_roblox = find_window_by_title("Roblox")
if hwnd_roblox:
l,t,r,b = get_client_rect_on_screen(hwnd_roblox)
width = r - l
height = b - t
else:
width = 1920
height = 1080

primOff = int([Link]('Primitive', '0'), 16)

posOff = int([Link]('Position', '0'), 16)

for i, c in enumerate(children):
try:
model = pm.read_longlong(c + modelOff)
if not model:
print(f' [{i}] no model')
continue
head = FindFirstChildByName(model, 'Head')
if not head:
print(f' [{i}] no head')
continue
primitive = pm.read_longlong(head + primOff)
if not primitive:
print(f' [{i}] head has no primitive')
continue
world_pos = (
pm.read_float(primitive + posOff),
pm.read_float(primitive + posOff + 4),
pm.read_float(primitive + posOff + 8)
)
if view_proj is not None:
screen = world_to_screen_with_matrix(array(world_pos,
dtype=float32), view_proj, width, height)
else:
screen = None
print(f' [{i}] world={world_pos} screen={screen}')
except Exception as _e:
print(f' [{i}] pos read failed:', _e)
except Exception as e:
print('Players position debug failed:', e)
except Exception as e:
print('Players debug failed:', e)
except ProcessError:
print('You forget to open Roblox!')
 return
except Exception as e:
print(f'Init failed: {e}')
return

globals()['lpAddr'] = lpAddr
globals()['matrixAddr'] = matrixAddr
globals()['plrsAddr'] = plrsAddr

print('Injected successfully\n-------------------------------')

injected = True
def delayed_show():
sleep(1)
show_main_features()

Thread(target=delayed_show, daemon=True).start()

def toogleEsp():
global hidden
try:
hidden = not hidden
except NameError:
# overlay not initialized yet; keep a module-level flag
globals().setdefault('hidden', True)
globals()['hidden'] = not globals()['hidden']

def toogleIgnoreTeamEsp():
global ignoreTeam
try:
ignoreTeam = not ignoreTeam
except NameError:
globals().setdefault('ignoreTeam', False)
globals()['ignoreTeam'] = not globals()['ignoreTeam']

def toogleIgnoreDeadEsp():
global ignoreDead
try:
ignoreDead = not ignoreDead
except NameError:
globals().setdefault('ignoreDead', False)
globals()['ignoreDead'] = not globals()['ignoreDead']

esp = None

def keybind_listener():
global waiting_for_keybind, aimbot_keybind
while True:
if waiting_for_keybind:

sleep(0.3)

for vk_code in range(1, 256):

[Link](vk_code)

key_found = False
while waiting_for_keybind and not key_found:
for vk_code in range(1, 256):
if [Link](vk_code) & 0x8000:
 if vk_code == 27:
waiting_for_keybind = False
dpg.configure_item("keybind_button", label=f"Keybind:
{get_key_name(aimbot_keybind)}")
break

aimbot_keybind = vk_code
waiting_for_keybind = False
dpg.configure_item("keybind_button", label=f"Keybind:
{get_key_name(vk_code)}")
key_found = True
break
sleep(0.01)
else:
sleep(0.1)

Thread(target=keybind_listener, daemon=True).start()

def aimbotLoop():
global target, aimbot_toggled
key_pressed_last_frame = False

while True:
if aimbot_enabled:
key_pressed_this_frame = [Link](aimbot_keybind)
& 0x8000 != 0

if aimbot_mode == "Toggle":
if key_pressed_this_frame and not key_pressed_last_frame:
aimbot_toggled = not aimbot_toggled
key_pressed_last_frame = key_pressed_this_frame
should_aim = aimbot_toggled
else:
should_aim = key_pressed_this_frame

if should_aim:
if target > 0 and matrixAddr > 0:
from_pos = [pm.read_float(camPosAddr),
pm.read_float(camPosAddr+4), pm.read_float(camPosAddr+8)]
to_pos = [pm.read_float(target), pm.read_float(target+4),
pm.read_float(target+8)]

look, up, right = cframe_look_at(from_pos, to_pos)

pm.write_float(camCFrameRotAddr, float(-right[0]))
pm.write_float(camCFrameRotAddr+4, float(up[0]))
pm.write_float(camCFrameRotAddr+8, float(-look[0]))

pm.write_float(camCFrameRotAddr+12, float(-right[1]))
pm.write_float(camCFrameRotAddr+16, float(up[1]))
pm.write_float(camCFrameRotAddr+20, float(-look[1]))

pm.write_float(camCFrameRotAddr+24, float(-right[2]))
pm.write_float(camCFrameRotAddr+28, float(up[2]))
pm.write_float(camCFrameRotAddr+32, float(-look[2]))
else:
target = 0
hwnd_roblox = find_window_by_title("Roblox")
 if hwnd_roblox and matrixAddr > 0:
left, top, right, bottom =
get_client_rect_on_screen(hwnd_roblox)
matrix_flat = [pm.read_float(matrixAddr + i * 4) for i in
range(16)]
view_proj_matrix = reshape(array(matrix_flat,
dtype=float32), (4, 4))
# ensure local player / players pointers are valid before
reading memory
if lpAddr == 0 or plrsAddr == 0:
# not ready yet, back off and try again next loop
sleep(0.05)
continue
try:
lpTeam = pm.read_longlong(lpAddr + int(offsets['Team'],
16))
except Exception:
# failed to read local player (not initialized /
transient); retry later
sleep(0.05)
continue
width = right - left
height = bottom - top
widthCenter = width/2
heightCenter = height/2
minDistance = float('inf')
# precompute offsets locally (faster / clearer)
userIdOff = int([Link]('UserId', '0'), 16)
modelOff = int([Link]('ModelInstance', '0'), 16)
primOff = int([Link]('Primitive', '0'), 16)
posOff = int([Link]('Position', '0'), 16)
teamOff = int([Link]('Team', '0'), 16)
healthOff = int([Link]('Health', '0'), 16)

try:
localUserId = pm.read_int(lpAddr + userIdOff)
except Exception:
localUserId = None

for v in GetChildren(plrsAddr):
try:
# skip local player by UserId when possible
if localUserId is not None:
try:
otherId = pm.read_int(v + userIdOff)
if otherId == localUserId:
continue
except:
pass

otherTeam = pm.read_longlong(v + teamOff)

if aimbot_ignoreteam and otherTeam == lpTeam:
continue

char = pm.read_longlong(v + modelOff)

if not char:
continue

head = FindFirstChildByName(char, 'Head')

 hum = FindFirstChildOfClass(char, 'Humanoid')
if not (head and hum):
continue

if aimbot_ignoredead:
try:
health = pm.read_float(hum + healthOff)
if health <= 0:
continue
except:
continue

primitive = pm.read_longlong(head + primOff)

if not primitive:
continue

targetPos = primitive + posOff

obj_pos = array([
pm.read_float(targetPos),
pm.read_float(targetPos + 4),
pm.read_float(targetPos + 8)
], dtype=float32)

screen_coords =
world_to_screen_with_matrix(obj_pos, view_proj_matrix, width, height)
if screen_coords is not None:
distance = sqrt((widthCenter -
screen_coords[0])**2 + (heightCenter - screen_coords[1])**2)
if distance < minDistance:
minDistance = distance
target = targetPos
except Exception:
# skip this player on any transient memory/read
error
continue
else:
target = 0
else:
aimbot_toggled = False
sleep(0.1)

def aimbot_callback(sender, app_data):

global aimbot_enabled, aimbot_toggled
if not injected:
return
aimbot_enabled = app_data
if app_data:
dpg.show_item("aimbot_settings_popup")
else:
dpg.hide_item("aimbot_settings_popup")
aimbot_toggled = False

def esp_callback(sender, app_data):

global esp_enabled
if not injected:
return
esp_enabled = app_data
toogleEsp()
if app_data:
 dpg.show_item("esp_settings_popup")
else:
dpg.hide_item("esp_settings_popup")

def esp_ignoreteam_callback(sender, app_data):

global esp_ignoreteam
esp_ignoreteam = app_data
toogleIgnoreTeamEsp()

def esp_ignoredead_callback(sender, app_data):

global esp_ignoredead
esp_ignoredead = app_data
toogleIgnoreDeadEsp()

def aimbot_ignoreteam_callback(sender, app_data):

global aimbot_ignoreteam
aimbot_ignoreteam = app_data

def aimbot_ignoredead_callback(sender, app_data):

global aimbot_ignoredead
aimbot_ignoredead = app_data

def aimbot_mode_callback(sender, app_data):

global aimbot_mode, aimbot_toggled
aimbot_mode = app_data
if aimbot_mode == "Hold":
aimbot_toggled = False

def keybind_callback():
global waiting_for_keybind
if not waiting_for_keybind:
waiting_for_keybind = True
dpg.configure_item("keybind_button", label="... (ESC to cancel)")

# ensure lib helpers are available at runtime (handles failed top-level import)
def ensure_lib():
global pm, yield_for_program, is_process_dead, get_base_addr
global DRP, GetName, GetClassName, GetChildren, FindFirstChild,
FindFirstChildOfClass, setOffsets
try:
# if already present, nothing to do
if 'yield_for_program' in globals() and 'pm' in globals():
return
from lib import pm as _pm, yield_for_program as _yfp, is_process_dead as
_ipd, get_base_addr as _gba
from lib import DRP as _drp, GetName as _getn, GetClassName as _getc,
GetChildren as _getc, FindFirstChild as _ffc, FindFirstChildOfClass as _ffcoc,
setOffsets as _so
pm = _pm
yield_for_program = _yfp
is_process_dead = _ipd
get_base_addr = _gba
DRP = _drp
GetName = _getn
GetClassName = _getc
GetChildren = _getc
FindFirstChild = _ffc
FindFirstChildOfClass = _ffcoc
setOffsets = _so
 except Exception as e:
print("ensure_lib: failed to import lib helpers:", e)

def inject_callback():
# make sure lib helpers are available before attempting init()
ensure_lib()
init()

Thread(target=aimbotLoop, daemon=True).start()

dpg.create_context()

with [Link](label="Discord", tag="Primary Window"):

dpg.add_text("Aim", color=(28, 130, 207), tag="main_features_text", show=False)

dpg.add_checkbox(label="Aimbot", default_value=aimbot_enabled,
callback=aimbot_callback, tag="aimbot_checkbox", show=False)
dpg.add_checkbox(label="ESP", default_value=esp_enabled, callback=esp_callback,
tag="esp_checkbox", show=False)

dpg.add_spacer(tag="spacer1", show=False)
dpg.add_separator(tag="separator1", show=False)
dpg.add_spacer(tag="spacer2", show=False)

dpg.add_text("Injector", color=(28, 130, 207), tag="injector_text")

dpg.add_button(label="Inject", callback=inject_callback, tag="inject_button")

with [Link](label="Aimbot Settings", tag="aimbot_settings_popup", width=300,

height=200, show=False, modal=True):
dpg.add_text("Aimbot Configuration", color=(28, 130, 207))
dpg.add_spacer()

dpg.add_button(label=f"Keybind: {get_key_name(aimbot_keybind)}",
tag="keybind_button", callback=keybind_callback)
dpg.add_combo(["Hold", "Toggle"], default_value=aimbot_mode,
tag="aimbot_mode_combo", callback=aimbot_mode_callback, width=100)

dpg.add_spacer()
dpg.add_separator()
dpg.add_spacer()

dpg.add_checkbox(label="Ignore Team", default_value=aimbot_ignoreteam,

callback=aimbot_ignoreteam_callback)
dpg.add_checkbox(label="Ignore Dead", default_value=aimbot_ignoredead,
callback=aimbot_ignoredead_callback)

dpg.add_spacer()
dpg.add_button(label="Close", callback=lambda:
dpg.hide_item("aimbot_settings_popup"))

with [Link](label="ESP Settings", tag="esp_settings_popup", width=300,

height=150, show=False, modal=True):
dpg.add_text("ESP Configuration", color=(28, 130, 207))
dpg.add_spacer()

dpg.add_checkbox(label="Ignore Team", default_value=esp_ignoreteam,

callback=esp_ignoreteam_callback)
 dpg.add_checkbox(label="Ignore Dead", default_value=esp_ignoredead,
callback=esp_ignoredead_callback)

dpg.add_spacer()
dpg.add_button(label="Close", callback=lambda:
dpg.hide_item("esp_settings_popup"))

dpg.create_viewport(title="Discord", width=350, height=350)

dpg.setup_dearpygui()

dpg.set_primary_window("Primary Window", True)

Thread(target=title_changer, daemon=True).start()

dpg.show_viewport()

dpg.start_dearpygui()

dpg.destroy_context()
# don't try to terminate an external process (we no longer spawn one)

from [Link] import QApplication, QOpenGLWidget

from [Link] import Qt, QTimer
from [Link] import QColor
from [Link] import *
from numpy import array, float32, empty, einsum
from ctypes import windll, byref, Structure, wintypes
from lib import *
from sys import argv, stdin
from threading import Thread
from time import time, sleep
from struct import unpack_from
import ctypes

GWL_EXSTYLE = -20
WS_EX_LAYERED = 0x80000
WS_EX_TRANSPARENT = 0x20

class RECT(Structure):
_fields_ = [('left', [Link]), ('top', [Link]), ('right',
[Link]), ('bottom', [Link])]

class POINT(Structure):
_fields_ = [('x', [Link]), ('y', [Link])]

def find_window_by_title(title):
return [Link](None, title)

def get_client_rect_on_screen(hwnd):
rect = RECT()
if [Link](hwnd, byref(rect)) == 0:
return 0, 0, 0, 0
top_left = POINT([Link], [Link])
bottom_right = POINT([Link], [Link])
[Link](hwnd, byref(top_left))
[Link](hwnd, byref(bottom_right))
return top_left.x, top_left.y, bottom_right.x, bottom_right.y
def GetChildren(instance: int) -> list:
if not instance:
return []
children = []
start = DRP(instance + childrenOffset)
if start == 0:
return []
end = DRP(start + 8)
current = DRP(start)
for _ in range(9000):
if current == end:
break
[Link](pm.read_longlong(current))
current += 0x10
return children

class ESPOverlay(QOpenGLWidget):
def __init__(self):
super().__init__()
[Link]([Link] | [Link] |
[Link])
[Link](Qt.WA_TranslucentBackground)
[Link](Qt.WA_NoSystemBackground)
[Link](1920, 1080)
[Link] = 0
[Link] = 0
[Link] = 0

self.plr_data = []
self.last_matrix = None
self.prev_geometry = (0, 0, 0, 0)

[Link] = 0
[Link] = 0

[Link] = 'white'

hwnd = [Link]().__int__()
ex_style = [Link](hwnd, GWL_EXSTYLE)
ex_style |= WS_EX_LAYERED | WS_EX_TRANSPARENT
[Link](hwnd, GWL_EXSTYLE, ex_style)

def initializeGL(self):
glClearColor(0.0, 0.0, 0.0, 0.0)
glEnable(GL_BLEND)
glBlendFunc(GL_SRC_ALPHA, GL_ONE_MINUS_SRC_ALPHA)
glLineWidth(3.0)
glEnable(GL_LINE_SMOOTH)
glHint(GL_LINE_SMOOTH_HINT, GL_NICEST)

def resizeGL(self, w, h):

glViewport(0, 0, w, h)
glMatrixMode(GL_PROJECTION)
glLoadIdentity()
glOrtho(0, w, h, 0, -1, 1)
glMatrixMode(GL_MODELVIEW)

def paintGL(self):
glClear(GL_COLOR_BUFFER_BIT)
 glLoadIdentity()

for x, y, color in self.plr_data:

r, g, b = QColor(color).redF(), QColor(color).greenF(),
QColor(color).blueF()

glColor3f(r, g, b)
glBegin(GL_LINES)
glVertex2f([Link], [Link])
glVertex2f(x, y)

glEnd()

def update_players(self):
if lpAddr == 0 or plrsAddr == 0 or matrixAddr == 0:
sleep(1)
return

if hidden:
sleep(1)
return

if [Link]():
sleep(0.1)
return

vecs_np = empty((50, 4), dtype=float32)

count = 0

self.plr_data.clear()
if time() - [Link] > 1:
hwnd_roblox = find_window_by_title("Roblox")
if hwnd_roblox:
x, y, r, b = get_client_rect_on_screen(hwnd_roblox)
new_geom = (x, y, r - x, b - y)
if new_geom != self.prev_geometry:
[Link](*new_geom)
self.prev_geometry = new_geom
[Link] = [Link]() / 2
[Link] = [Link]() - [Link]() / 20
[Link] = time()

matrixRaw = pm.read_bytes(matrixAddr, 64)

view_proj_matrix = array(unpack_from("<16f", matrixRaw, 0),

dtype=float32).reshape(4, 4)

for head in heads:

try:
className = GetClassName(head)
if GetName(head) == 'Head' and (className == 'Part' or className ==
'BasePart' or className == 'MeshPart'):
vecs_np[count, :3] = unpack_from("<fff",
pm.read_bytes(pm.read_longlong(head + primitiveOffset) + positionOffset, 12), 0)
vecs_np[count, 3] = 1.0
count += 1
else:
vecs_np[count, :3] = 0, 0, 0
vecs_np[count, 3] = 1.0
 count += 1
except:
vecs_np[count, :3] = 0, 0, 0
vecs_np[count, 3] = 1.0
count += 1

if count == 0:
return

clip_coords = einsum('ij,nj->ni', view_proj_matrix, vecs_np[:count])

for idx, clip in enumerate(clip_coords):

if clip[3] != 0:
ndc = clip[:3] / clip[3]
if 0 <= ndc[2] <= 1:
x = int((ndc[0] + 1) * 0.5 * [Link]())
y = int((1 - ndc[1]) * 0.5 * [Link]())

try:
[Link] = colors[idx]
except IndexError:
pass
self.plr_data.append((x, y, [Link]))

[Link]()
hidden = True
def signalHandler():
global lpAddr, matrixAddr, plrsAddr, ignoreTeam, ignoreDead, hidden
while True:
for line in stdin:
line = [Link]()
if [Link]('addrs'):
addrs = line[5:].split(',')
lpAddr = int(addrs[0])
matrixAddr = int(addrs[1])
plrsAddr = int(addrs[2])
elif line == 'toogle1':
hidden = not hidden
if hidden:
esp.plr_data.clear()
[Link]()
sleep(0.1)
esp.plr_data.clear()
[Link]()
elif line == 'toogle2':
ignoreTeam = not ignoreTeam
elif line == 'toogle3':
ignoreDead = not ignoreDead

heads = []
colors = []
def headAndHumFinder():
global heads, colors
while True:
if lpAddr == 0 or plrsAddr == 0 or matrixAddr == 0:
sleep(1)
continue

if hidden:
 sleep(1)
continue

tempColors = []
tempHeads = []

lpTeam = pm.read_longlong(lpAddr + teamOffset)

for v in GetChildren(plrsAddr):
if v == lpAddr:
continue
team = pm.read_longlong(v + teamOffset)
if not ignoreTeam or (team != lpTeam and team > 0):
char = pm.read_longlong(v + int(offsets['ModelInstance'], 16))
head = FindFirstChildByName(char, 'Head')
hum = FindFirstChildOfClass(char, 'Humanoid')
if head and hum:
try:
if ignoreDead and pm.read_float(hum + healthOffset) <= 0:
continue
team = pm.read_longlong(v + teamOffset)
color = 'white'
if team > 0:
color = rbxColors[pm.read_int(team + teamColorOffset)]
[Link](color)
[Link](head)
except:
pass
heads = tempHeads
colors = tempColors
sleep(0.1)

if __name__ == "__main__":
if hasattr(sys, '_MEIPASS'):
# previously spawned [Link] here — removed
esp = None
else:
# previously spawned [Link] here — removed
esp = None

rbxColors = {
1: "#F2F3F3",
2: "#A1A5A2",
3: "#F9E999",
5: "#D7C59A",
6: "#C2DAB8",
9: "#E8BAC8",
11: "#80BBDB",
12: "#CB8442",
18: "#CC8E69",
21: "#C4281C",
22: "#C470A0",
23: "#0D69AC",
24: "#F5CD30",
25: "#624732",
26: "#1B2A35",
27: "#6D6E6C",
28: "#287F47",
29: "#A1C48C",
36: "#F3CF9B",
37: "#4B974B",
38: "#A05F35",
39: "#C1CADE",
40: "#ECECEC",
41: "#CD544B",
42: "#C1DFF0",
43: "#7BB6E8",
44: "#F7F18D",
45: "#B4D2E4",
47: "#D9856C",
48: "#84B68D",
49: "#F8F184",
50: "#ECE8DE",
100: "#EEC4B6",
101: "#DA867A",
102: "#6E99CA",
103: "#C7C1B7",
104: "#6B327C",
105: "#E29B40",
106: "#DA8541",
107: "#008F9C",
108: "#685C43",
110: "#435493",
111: "#BFB7B1",
112: "#6874AC",
113: "#E5ADC8",
115: "#C7D23C",
116: "#55A5AF",
118: "#B7D7D5",
119: "#A4BD47",
120: "#D9E4A7",
121: "#E7AC58",
123: "#D36F4C",
124: "#923978",
125: "#EAB892",
126: "#A5A5CB",
127: "#DCBC81",
128: "#AE7A59",
131: "#9CA3A8",
133: "#D5733D",
134: "#D8DD56",
135: "#74869D",
136: "#877C90",
137: "#E09864",
138: "#958A73",
140: "#203A56",
141: "#27462D",
143: "#CFE2F7",
145: "#7988A1",
146: "#958EA3",
147: "#938767",
148: "#575857",
149: "#161D32",
150: "#ABADAC",
151: "#789082",
153: "#957979",
154: "#7B2E2F",
157: "#FFF67B",
158: "#E1A4C2",
168: "#756C62",
176: "#97695B",
178: "#B48455",
179: "#898787",
180: "#D7A94B",
190: "#F9D62E",
191: "#E8AB2D",
192: "#694028",
193: "#CF6024",
194: "#A3A2A5",
195: "#4667A4",
196: "#23478B",
198: "#8E4285",
199: "#635F62",
200: "#828A5D",
208: "#E5E4DF",
209: "#B08E44",
210: "#709578",
211: "#79B5B5",
212: "#9FC3E9",
213: "#6C81B7",
216: "#904C2A",
217: "#7C5C46",
218: "#96709F",
219: "#6B629B",
220: "#A7A9CE",
221: "#CD6298",
222: "#E4ADC8",
223: "#DC9095",
224: "#F0D5A0",
225: "#EBB87F",
226: "#FDEA8D",
232: "#7DBBDD",
268: "#342B75",
301: "#506D54",
302: "#5B5D69",
303: "#0010B0",
304: "#2C651D",
305: "#527CAE",
306: "#335882",
307: "#102ADC",
308: "#3D1585",
309: "#348E40",
310: "#5B9A4C",
311: "#9FA1AC",
312: "#592259",
313: "#1F801D",
314: "#9FADC0",
315: "#0989CF",
316: "#7B007B",
317: "#7C9C6B",
318: "#8AAB85",
319: "#B9C4B1",
320: "#CACBD1",
321: "#A75E9B",
322: "#7B2F7B",
323: "#94BE81",
324: "#A8BD99",
325: "#DFDFDE",
327: "#970000",
328: "#B1E5A6",
329: "#98C2DB",
330: "#FF98DC",
331: "#FF5959",
332: "#750000",
333: "#EFB838",
334: "#F8D96D",
335: "#E7E7EC",
336: "#C7D4E4",
337: "#FF9494",
338: "#BE6862",
339: "#562424",
340: "#F1E7C7",
341: "#FEF3BB",
342: "#E0B2D0",
343: "#D490BD",
344: "#965555",
345: "#8F4C2A",
346: "#D3BE96",
347: "#E2DCBC",
348: "#EDEAEA",
349: "#E9DADA",
350: "#883E3E",
351: "#BC9B5D",
352: "#C7AC78",
353: "#CABFA3",
354: "#BBB3B2",
355: "#6C584B",
356: "#A0844F",
357: "#958988",
358: "#ABA89E",
359: "#AF9483",
360: "#966766",
361: "#564236",
362: "#7E683F",
363: "#69665C",
364: "#5A4C42",
365: "#6A3909",
1001: "#F8F8F8",
1002: "#CDCDCD",
1003: "#111111",
1004: "#FF0000",
1005: "#FFB000",
1006: "#B080FF",
1007: "#A34B4B",
1008: "#C1BE42",
1009: "#FFFF00",
1010: "#0000FF",
1011: "#002060",
1012: "#2154B9",
1013: "#04AFEC",
1014: "#AA5500",
1015: "#AA00AA",
1016: "#FF66CC",
1017: "#FFAF00",
1018: "#12EED4",
1019: "#00FFFF",
1020: "#00FF00",
 1021: "#3A7D15",
1022: "#7F8E64",
1023: "#8C5B9F",
1024: "#AFDDFF",
1025: "#FFC9C9",
1026: "#B1A7FF",
1027: "#9FF3E9",
1028: "#CCFFCC",
1029: "#FFFFCC",
1030: "#FFCC99",
1031: "#6225D1",
1032: "#FF00BF"
}

lpAddr = 0
matrixAddr = 0
plrsAddr = 0
ignoreTeam = False
ignoreDead = False

# Replace argv-based argument parsing (single-file mode: read from offsets

dict)
# old code used argv[1:] to pass offsets to the inline ESP logic; now fill
those variables from offsets
modelInstanceOffset = int([Link]('ModelInstance',
[Link]('ModelInstance', '0')), 16)
primitiveOffset = int([Link]('Primitive', '0'), 16)
# some variants use "Position" or "PartPosition" — prefer Position, fallback to
PartPosition
positionOffset = int([Link]('Position', [Link]('PartPosition', '0')),
16)
teamOffset = int([Link]('Team', '0'), 16)
teamColorOffset = int([Link]('TeamColor', '0'), 16)
healthOffset = int([Link]('Health', '0'), 16)
# use the previously configured name/children offsets
setOffsets(int([Link]('Name', '0'), 16), int([Link]('Children', '0'),
16))
childrenOffset = int([Link]('Children', '0'), 16)

Thread(target=signalHandler, daemon=True).start()

def background_process_monitor():
global baseAddr
while True:
if is_process_dead():
while not yield_for_program("[Link]", False):
sleep(0.5)
baseAddr = get_base_addr()
sleep(0.1)

Thread(target=background_process_monitor, daemon=True).start()
Thread(target=headAndHumFinder, daemon=True).start()

app = QApplication([])
esp = ESPOverlay()
[Link]()

timer = QTimer()
[Link](esp.update_players)
[Link](8)
app.exec_()