
DLL Offsets

The document provides detailed offsets for patching the RobloxPlayerBeta.dll and RobloxPlayerBeta.exe, including various memory segments and functions. It includes specific offsets for operations such as inserting into data structures, handling mouse events, and managing Lua states. The document is structured with namespaces and constants for easy reference and modification.


DLL Offsets

Offsets used for patching RobloxPlayerBeta.dll.

// YuB-X Version: 2.0.8


// Roblox Version: version-765338e04cf54fde
// Dump Time: 2025-07-10 17:16:34
#pragma once
#include <cstdint>

namespace unordered_set {
/// Pointer-to-function type: three untyped pointer arguments, untyped pointer
/// result, __fastcall calling convention. The listing does not say what the
/// three arguments are, so they are left undocumented here.
typedef void* (__fastcall* insert)(void*, void*, void*);
}  // namespace unordered_set

// Numeric constants taken from the dump identified in the header comment of
// this listing. They are raw values: nothing in this listing adds a module
// base to them, and nothing checks that the loaded module is the build they
// were dumped from.
constexpr std::uintptr_t dumpsetinsert = 0xCBAE30;
constexpr std::uintptr_t BitMap = 0x297908;
constexpr std::uintptr_t whitelist = 0x29AE70;

// Stored as uintptr_t like the values above, although the names read as a key
// and an XOR constant rather than locations -- NOTE(review): confirm intent.
constexpr std::uintptr_t CFG_PAGE_HASH_KEY = 0xC9E94648;
constexpr std::uintptr_t CFG_VALIDATION_XOR = 0xD;

Client Offsets
Offsets for RobloxPlayerBeta.exe memory segments.
// YuB-X Version: 2.0.8
// Roblox Version: version-765338e04cf54fde
// Dump Time: 2025-07-09 22:43:32

#pragma once

#include <Windows.h>

#include <atomic>
#include <cstdint>
#include <iostream>
#include <string>
#include <vector>

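// Base address of the executable image of the current process:
// GetModuleHandleA with a null name returns the handle of the file that
// created the calling process. `static` in a header means every translation
// unit that includes this file gets its own copy.
static uintptr_t Roblox_BASE = reinterpret_cast<uintptr_t>(GetModuleHandleA(nullptr));

// Adds the executable base to an image-relative offset. The argument is
// parenthesised (matching Hyperion_Rbase below) so that an expression such as
// `a | b` or `a << b` is rebased as a whole instead of binding to the `+`.
#define REBASE(x) ((x) + Roblox_BASE)

// Base address of RobloxPlayerBeta.dll as seen at static-initialisation time.
// The ANSI entry point is named explicitly: the generic GetModuleHandle macro
// resolves to the wide-character version in UNICODE builds, where a narrow
// string literal does not compile.
// GetModuleHandleA returns NULL when the module is not loaded; this value is
// then 0 and Hyperion_Rbase(x) evaluates to x itself. Nothing here checks for
// that case.
inline const uintptr_t Hyperion_Base =
    reinterpret_cast<uintptr_t>(GetModuleHandleA("RobloxPlayerBeta.dll"));
#define Hyperion_Rbase(x) ((x) + Hyperion_Base)

// Opaque types: only ever used through pointers in this header.
struct SignalT;
struct lua_State;
struct Proto;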

/// Plain aggregate of five 32-bit integers: one named field followed by four
/// slots whose meaning the listing does not identify.
struct DebuggerResult_T {
    std::int32_t result;  // the only field given a name
    std::int32_t unk[4];  // "unk": not identified in this listing
};
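/// Record holding an atomic counter, a lua_State pointer and four 32-bit
/// integers.
///
/// NOTE(review): the field order and sizes presumably mirror a structure that
/// lives in the target process -- confirm before reordering or resizing
/// anything. This rewrite keeps every member's type and position.
struct WeakThreadRef {
    std::atomic<std::int32_t> _refs;
    lua_State* thread;
    std::int32_t thread_ref;
    std::int32_t object_id;
    std::int32_t unk1;  // not identified in this listing
    std::int32_t unk2;  // not identified in this listing

    /// Stores `L` in `thread` and zeroes every other member.
    ///
    /// `_refs` is initialised explicitly: before C++20 a default-constructed
    /// std::atomic holds an indeterminate value, whereas C++20
    /// value-initialises it. Writing the 0 makes both agree.
    /// The integer members are given 0 rather than NULL, which is a
    /// null-pointer constant and draws a conversion warning on some compilers.
    WeakThreadRef(lua_State* L)
        : _refs(0), thread(L), thread_ref(0), object_id(0), unk1(0), unk2(0) {}
};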
/// Three-valued unscoped enumeration; the enumerators take the default values
/// 0, 1 and 2 in the order written and are visible at global scope.
/// NOTE(review): the name suggests these are the outcomes of SCResume -- the
/// listing does not show where the type is used, so confirm.
enum SCResume_Result { SUCCESS, YIELD, ERR };

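// Address and offset table for the single client build named in the header
// comment of this listing (version-765338e04cf54fde).
//
// Two kinds of value appear:
//   * `const` entries built with REBASE / Hyperion_Rbase are absolute
//     addresses, computed during static initialisation by adding a module
//     base to an image-relative offset;
//   * `constexpr` entries are plain numbers that are not rebased.
//
// Nothing in this listing verifies that the loaded modules are the build the
// values were dumped from; on any other build the entries point at unrelated
// memory.
//
// Changes from the original text: the comment on LuaUserData::DisableRequireLock
// had wrapped onto a second line with no `//`, leaving prose in the code and
// making the header ill-formed; it is a comment again. Literal-only entries
// are uniformly `constexpr`, as namespace DataModel already did for most of
// its members. Every name and value is unchanged.
namespace Offsets {
    // --- Relative to the RobloxPlayerBeta.dll base (Hyperion_Base) ---
    const uintptr_t dumpsetinsert = Hyperion_Rbase(0xCBAE30);
    const uintptr_t BitMap = Hyperion_Rbase(0x297908);
    const uintptr_t whitelist = Hyperion_Rbase(0x29AE70);

    // Not rebased. NOTE(review): the names read as a key and an XOR constant
    // rather than locations; the listing does not show how they are used.
    constexpr uintptr_t CFG_PAGE_HASH_KEY = 0xC9E94648;
    constexpr uintptr_t CFG_VALIDATION_XOR = 0xD;

    // --- Relative to the executable base (Roblox_BASE) ---
    const uintptr_t FlogDataBank = REBASE(0x644E568);

    const uintptr_t ScriptContextResume = REBASE(0xDE24B0);
    const uintptr_t AppdataInfo = REBASE(0x682B5F8);
    const uintptr_t OpcodeLookupTable = REBASE(0x5159b40);
    const uintptr_t GetCurrentThreadId = REBASE(0x3879620);
    const uintptr_t Print = REBASE(0x14AD380);
    const uintptr_t TaskDefer = REBASE(0xFFA6A0);

    const uintptr_t RawScheduler = REBASE(0x68F3BC8);

    const uintptr_t TaskSchedulerTargetFps = REBASE(0x63FA88C);
    const uintptr_t GetGlobalState = REBASE(0xDD2460);
    const uintptr_t LuaVMLoad = REBASE(0xB61D20);
    const uintptr_t RequestCode = REBASE(0x91C6D0);

    const uintptr_t Impersonator = REBASE(0x3383CA0);

    const uintptr_t PushInstance = REBASE(0xEB0250);
    const uintptr_t PushInstance2 = REBASE(0xEB02A0);
    const uintptr_t Luau_Execute = REBASE(0x2685CE0);
    const uintptr_t LuaD_throw = REBASE(0x2653370);
    const uintptr_t LuaO_NilObject = REBASE(0x4740F38);
    const uintptr_t LuaH_DummyNode = REBASE(0x4740958);
    const uintptr_t KTable = REBASE(0x63FA910);

    const uintptr_t FireMouseClick = REBASE(0x1BC75E0);

    const uintptr_t FireRightMouseClick = REBASE(0x1BC7780);
    const uintptr_t FireMouseHoverEnter = REBASE(0x1BC8B80);
    const uintptr_t FireMouseHoverLeave = REBASE(0x1BC8D20);

    const uintptr_t FireTouchInterest = REBASE(0x1DDDF10);

    const uintptr_t GetIdentityStruct = REBASE(0x3879850);
    const uintptr_t IdentityPtr = REBASE(0x6430708);
    const uintptr_t GetProperty = REBASE(0xA757B0);
    const uintptr_t FireProximityPrompt = REBASE(0x1C91A20);

    // Absolute addresses, rebased against the executable like the group above.
    namespace InternalFastFlags {
        const uintptr_t EnableLoadModule = REBASE(0x5B44AC8);
        const uintptr_t DebugCheckRenderThreading = REBASE(0x5B6E3D0);
        const uintptr_t RenderDebugCheckThreading2 = REBASE(0x5B99730);
        const uintptr_t DisableCorescriptLoadstring = REBASE(0x5B44AA8);
        const uintptr_t LockViolationInstanceCrash = REBASE(0x5B4F670);
        const uintptr_t LockViolationScriptCrash = REBASE(0x5B447E0);
        const uintptr_t WndProcessCheck = REBASE(0x5B33A30);
        const uintptr_t LuaStepIntervalMsOverrideEnabled = REBASE(0x5B47200);
        const uintptr_t GetFastFlag = REBASE(0x38992F0);
        const uintptr_t SetFastFlag = REBASE(0x3899D80);
    }

    // Plain numbers, not rebased. NOTE(review): presumably byte offsets inside
    // the object the namespace is named after -- the listing does not show a use.
    namespace LuaUserData {
        constexpr uintptr_t GlobalState = 0x140;
        constexpr uintptr_t DecryptState = 0x88;
        constexpr uintptr_t ScriptContext = 0x3B0;
        constexpr uintptr_t ScriptInstance = 0x50;
        // Author's note, rejoined: change same time; string xref
        // 'Cannot require a non-RobloxScript module from a RobloxScript'
        constexpr uintptr_t DisableRequireLock = 0x7D8;
    }

    // Absolute addresses, rebased against the executable.
    namespace ReplicateSignal {
        const uintptr_t Register = REBASE(0x2647F00);
        const uintptr_t CastArgs = REBASE(0xBEA8F0);
        const uintptr_t VariantCastInt64 = REBASE(0x143B8F0);
        const uintptr_t VariantCastInt = REBASE(0x143B5E0);
        const uintptr_t VariantCastFloat = REBASE(0x143BF30);
    }

    // Plain numbers, not rebased.
    namespace Instance {
        constexpr uintptr_t ClassDescriptor = 0x18;
        constexpr uintptr_t PropertyDescriptor = 0x3B8;
        constexpr uintptr_t ClassName = 0x8;
        constexpr uintptr_t Name = 0x78;
        constexpr uintptr_t Children = 0x80;
    }

    // Plain numbers, not rebased.
    namespace Scripts {
        constexpr uintptr_t LocalScriptEmbedded = 0x1B0;
        constexpr uintptr_t ModuleScriptEmbedded = 0x158;
        constexpr uintptr_t weak_thread_node = 0x188;
        constexpr uintptr_t weak_thread_ref = 0x8;
        constexpr uintptr_t weak_thread_ref_live = 0x20;
        constexpr uintptr_t weak_thread_ref_live_thread = 0x8;
    }

    // Plain numbers, not rebased.
    namespace ExtraSpace {
        constexpr uintptr_t Identity = 0x30;
        constexpr uintptr_t Capabilities = 0x48;
    }

    // Plain numbers, not rebased.
    namespace TaskScheduler {
        constexpr uintptr_t FpsCap = 0x1B0;
        constexpr uintptr_t JobStart = 0x1D0;
        constexpr uintptr_t JobEnd = 0x1D8;

        namespace Job {
            constexpr uintptr_t Name = 0x18;
            constexpr uintptr_t TypeName = 0x150;

            namespace WaitingHybridScriptsJob {
                constexpr uintptr_t ScriptContext = 0x1F8;
            }
        }
    }

    // Plain numbers except FakeDataModelPointer, which is a rebased address.
    // Children, Name, ClassDescriptor, PropDescriptor and ClassName carry the
    // same values as their counterparts in Offsets::Instance, and the four
    // weak_thread_* entries repeat Offsets::Scripts; the copies have to be
    // kept in step by hand.
    namespace DataModel {
        constexpr uintptr_t PropertiesStart = 0x30;
        constexpr uintptr_t PropertiesEnd = 0x38;
        constexpr uintptr_t Type = 0x60;
        constexpr uintptr_t TypeGetSetDescriptor = 0x98;
        constexpr uintptr_t getVFtableFunc = 0x10;
        const uintptr_t FakeDataModelPointer = REBASE(0x682B928);
        constexpr uintptr_t FakeDataModelToDataModel = 0x1B8;

        constexpr uintptr_t GameLoaded = 0x650;

        constexpr uintptr_t PlaceId = 0x1A0;
        constexpr uintptr_t GameId = 0x198;
        constexpr uintptr_t ModuleFlags = 0x6E0 - 0x4;  // four below IsCoreScript
        constexpr uintptr_t IsCoreScript = 0x6E0;
        constexpr uintptr_t Children = 0x80;
        constexpr uintptr_t ChildrenEnd = 0x8;

        constexpr uintptr_t Name = 0x78;

        constexpr uintptr_t ClassDescriptor = 0x18;
        constexpr uintptr_t PropDescriptor = 0x3B8;
        constexpr uintptr_t ClassName = 0x8;
        constexpr uintptr_t PrimitiveTouch = 0x178LL;
        constexpr uintptr_t Overlap = 0x1C8;

        constexpr uintptr_t weak_thread_node = 0x188;

        constexpr uintptr_t weak_thread_ref = 0x8;
        constexpr uintptr_t weak_thread_ref_live = 0x20;
        constexpr uintptr_t weak_thread_ref_live_thread = 0x8;
    }
}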

// Typed views of the addresses in namespace Offsets.
//
// Each variable below is an integer address reinterpreted as a pointer of the
// declared type. The signatures are assertions made by this header: nothing
// here checks that the address holds a function with that signature, so a
// call made against a build other than the one named in the header comment is
// undefined behaviour. The variables are non-const `inline` objects, so any
// translation unit can reassign them.
namespace Roblox {
    inline auto Print =
        reinterpret_cast<uintptr_t(__fastcall*)(int, const char*, ...)>(Offsets::Print);
    inline auto RequestCode =
        reinterpret_cast<uintptr_t(__fastcall*)(uintptr_t, uintptr_t)>(Offsets::RequestCode);
    inline auto PushInstance =
        reinterpret_cast<uintptr_t*(__fastcall*)(lua_State*, uintptr_t)>(Offsets::PushInstance);
    // NOTE(review): initialised from Offsets::PushInstance, although a separate
    // Offsets::PushInstance2 is declared and the signature here differs from
    // PushInstance above. Looks like a copy-paste slip -- confirm which address
    // is intended; the original binding is kept unchanged.
    inline auto PushInstance2 =
        reinterpret_cast<void(__fastcall*)(lua_State*, void*)>(Offsets::PushInstance);
    inline auto FireProximityPrompt =
        reinterpret_cast<uintptr_t*(__thiscall*)(uintptr_t)>(Offsets::FireProximityPrompt);
    inline auto FireMouseClick =
        reinterpret_cast<void(__fastcall*)(__int64 a1, float a2, __int64 a3)>(
            Offsets::FireMouseClick);
    inline auto FireRightMouseClick =
        reinterpret_cast<void(__fastcall*)(__int64 a1, float a2, __int64 a3)>(
            Offsets::FireRightMouseClick);
    inline auto FireMouseHoverEnter =
        reinterpret_cast<void(__fastcall*)(__int64 a1, __int64 a2)>(
            Offsets::FireMouseHoverEnter);
    inline auto FireMouseHoverLeave =
        reinterpret_cast<void(__fastcall*)(__int64 a1, __int64 a2)>(
            Offsets::FireMouseHoverLeave);
    inline auto FireTouchInterest =
        reinterpret_cast<void(__fastcall*)(uintptr_t, uintptr_t, uintptr_t, bool, bool)>(
            Offsets::FireTouchInterest);
    // Data pointer rather than a function pointer.
    inline auto KTable = reinterpret_cast<uintptr_t*>(Offsets::KTable);
    inline auto GetProperty =
        reinterpret_cast<uintptr_t*(__thiscall*)(uintptr_t, uintptr_t*)>(Offsets::GetProperty);
    inline auto Impersonator =
        reinterpret_cast<void(__fastcall*)(std::int64_t*, std::int32_t*, std::int64_t)>(
            Offsets::Impersonator);
    inline auto TaskDefer = reinterpret_cast<int(__fastcall*)(lua_State*)>(Offsets::TaskDefer);
    inline auto LuaVMLoad =
        reinterpret_cast<uintptr_t(__fastcall*)(int64_t, std::string*, const char*, int)>(
            Offsets::LuaVMLoad);
    inline auto CastArgs =
        reinterpret_cast<uintptr_t(__fastcall*)(lua_State* L, int, void*, bool, int)>(
            Offsets::ReplicateSignal::CastArgs);
    inline auto CastInt =
        reinterpret_cast<void(__fastcall*)(void* L)>(Offsets::ReplicateSignal::VariantCastInt);
    inline auto CastInt64 =
        reinterpret_cast<void(__fastcall*)(void* L)>(Offsets::ReplicateSignal::VariantCastInt64);
    inline auto CastFloat =
        reinterpret_cast<void(__fastcall*)(void* L)>(Offsets::ReplicateSignal::VariantCastFloat);
    inline auto SCResume =
        reinterpret_cast<int(__fastcall*)(std::int64_t scriptcontext_inst, DebuggerResult_T*,
                                          WeakThreadRef**, int32_t narg, bool resumeError,
                                          const char* szErrorMessage)>(
            Offsets::ScriptContextResume);
    inline auto GetIdentityStruct =
        reinterpret_cast<uintptr_t(__fastcall*)(uintptr_t)>(Offsets::GetIdentityStruct);
    inline auto Luau_Execute =
        reinterpret_cast<void(__fastcall*)(lua_State*)>(Offsets::Luau_Execute);
    inline auto LuaD_Throw =
        reinterpret_cast<void(__fastcall*)(lua_State*, int)>(Offsets::LuaD_throw);

    /// Reads an encoded 64-bit value and returns it as a lua_State pointer.
    ///
    /// The field sits at `globalstate + 48 + 0x88`. It is read as two 32-bit
    /// words; each word is XORed with the low 32 bits of the field's own
    /// address, and the results are joined with word 1 as the upper half.
    ///
    /// @param globalstate  Address the two fixed offsets are added to. It is
    ///                     dereferenced without any validity check.
    /// @return The decoded value reinterpreted as `lua_State*`.
    ///
    /// NOTE(review): the offsets 48 and 0x88 are literals here rather than the
    /// named constants in Offsets::LuaUserData -- confirm they are meant to be
    /// independent.
    inline lua_State* GetGlobalState(uintptr_t globalstate) {
        const size_t first_offset = 48;
        const uintptr_t field_addr = (globalstate + first_offset) + 0x88;

        const auto* words = reinterpret_cast<const uint32_t*>(field_addr);
        const auto key = static_cast<uint32_t>(field_addr);  // low 32 bits of the address

        const uint64_t upper = static_cast<uint64_t>(words[1] ^ key) << 32;
        const uint64_t lower = words[0] ^ key;  // zero-extended to 64 bits
        return reinterpret_cast<lua_State*>(upper | lower);
    }
}  // namespace Roblox
