• About

Hey guys, just here to offer my help to any starting out coders. Any programming language, I'll give my best attempt to answer (reverse engineering included). I am currently working 6 days a week so I will try my best to respond promptly but am only here to provide help, not code for you.

Look forward to your questions soon.

• #2

Could you give me a detailed description of what DWORD is and how it's implemented in code for hacking games?


• #3

Originally posted by Honey. View Post
Could you give me a detailed description of what DWORD is and how it's implemented in code for hacking games?

DWORD is, well, an example is DLL_PROCESS_ATTACH. This is a pretty common DWORD when hacking games. Basically, it's like a global word you can use as a variable; normally they are passed to functions and depending on what it is, you will do different things.

However, you're completely inaccurate. It's not just implemented because it's a type class - it is pre-implemented for you and only needs to be included & used. And it is not specific to hacking games, which is a completely irrelevant concept and if that's your only goal you will get nowhere.

Do not learn to "hack" if it's your only goal with programming. You will never write good code. Also you need to learn programming before even thinking about hacking.


• #4

Originally posted by Agluk15 View Post
DWORD is, well, an example is DLL_PROCESS_ATTACH. This is a pretty common DWORD when hacking games. Basically, it's like a global word you can use as a variable; normally they are passed to functions and depending on what it is, you will do different things.

However, you're completely inaccurate. It's not just implemented because it's a type class - it is pre-implemented for you and only needs to be included & used. And it is not specific to hacking games, which is a completely irrelevant concept and if that's your only goal you will get nowhere.

Do not learn to "hack" if it's your only goal with programming. You will never write good code. Also you need to learn programming before even thinking about hacking.

I've been in a programming class for 2 years now. Just working on solid basics throughout the entire course. I'm only now taking it upon myself to actually learn more 'in-depth'. My main goal is to make hacks, but it's not all I focus on. We work on small, different projects every day in this class. But my teacher doesn't seem to move past the basics, even for the higher programming classes. Which is why I'm trying to learn on my own now. Staying with the basics won't let me move on to more complex code. Anyway thanks for the info.


• #5

From this source: http://www.computerhope.com/jargon/d/doublew.htm

"A double word is a single unit of data expressing two adjacent words (a word is a standard unit of data for a certain processor architecture). For instance, if a single word is 16 bits in size, a double word would be 32 bits. A double word can be doubled a second time, which turns it into a very long word that is 64 bits."

I only really have experience with hacking 32-bit games but in lots of newer games you will find yourself running into quad words (QWORDs), hence the sizes 32 bits and 64 bits.
DWORDs are usually used in hacks to represent addresses in memory; you could store addresses as any data type but DWORD is preferred because it has the perfect value range of addressable values in a 32-bit application.

Useful links:

If you are looking into learning hacking my advice would be to learn Cheat Engine first. Since you are already learning programming you should get familiar with games' memory. Also try making simple hacks for games like Assault Cube or any unprotected game before jumping into games that spend huge money on anticheat.
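The size relationship in the quoted definition, and the caveat about using a DWORD to hold an address, as an added C example (this is not code from the thread or from any project mentioned in it). The WORD/DWORD/QWORD typedefs are an assumption made here so the file builds without <windows.h>; they mirror the Windows widths. The 64-bit address used for the round-trip is a constructed value.

```c
/* Added example (not from the thread): how WORD/DWORD/QWORD relate in size,
 * and why a DWORD only holds an address reliably in a 32-bit process.
 * The typedefs mirror the Windows ones (WORD = 16 bits, DWORD = 32 bits,
 * QWORD = 64 bits); defining them here is an assumption made for portability. */
#include <stdint.h>
#include <stdio.h>
#include <stdbool.h>

typedef uint16_t WORD;
typedef uint32_t DWORD;
typedef uint64_t QWORD;

/* Each type is exactly twice the width of the one before it. */
size_t word_bytes(void)  { return sizeof(WORD); }
size_t dword_bytes(void) { return sizeof(DWORD); }
size_t qword_bytes(void) { return sizeof(QWORD); }

/* Largest value a DWORD can represent: 0xFFFFFFFF, the top of a 32-bit address space. */
QWORD dword_max(void) { return (QWORD)UINT32_MAX; }

/* True if an address survives being stored in a DWORD unchanged.
 * Anything above 4 GiB (only possible in a 64-bit process) would be truncated. */
bool fits_in_dword(uintptr_t address) {
    return (QWORD)address <= dword_max();
}

/* Round-trip an address through a DWORD and return what comes back.
 * On a 64-bit value the cast silently drops the high 32 bits. */
QWORD through_dword(QWORD address) {
    DWORD stored = (DWORD)address;   /* truncating conversion */
    return (QWORD)stored;
}

int main(void) {
    int local = 0;
    uintptr_t addr = (uintptr_t)&local;
    printf("WORD=%zu DWORD=%zu QWORD=%zu bytes, pointer=%zu bytes\n",
           word_bytes(), dword_bytes(), qword_bytes(), sizeof(void *));
    printf("address of a local: 0x%llx, fits in DWORD: %s\n",
           (unsigned long long)addr, fits_in_dword(addr) ? "yes" : "no");
    /* Constructed 64-bit address, to show the truncation explicitly. */
    QWORD high = 0x00007FFDEADBEEF0ULL;
    printf("0x%llx -> through DWORD -> 0x%llx\n",
           (unsigned long long)high, (unsigned long long)through_dword(high));
    return 0;
}
```

Building this as a 64-bit program shows the trap behind the reply's mention of QWORDs: a real pointer no longer fits in a DWORD, and the cast keeps only the low 32 bits without any warning at run time. Code that has to work in both 32-bit and 64-bit processes should hold addresses in uintptr_t (which is the pointer width on either build) rather than in a fixed-width DWORD.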


• #6

Originally posted by Matypatty View Post
From this source: http://www.computerhope.com/jargon/d/doublew.htm

"A double word is a single unit of data expressing two adjacent words (a word is a standard unit of data for a certain processor architecture). For instance, if a single word is 16 bits in size, a double word would be 32 bits. A double word can be doubled a second time, which turns it into a very long word that is 64 bits."

I only really have experience with hacking 32-bit games but in lots of newer games you will find yourself running into quad words (QWORDs), hence the sizes 32 bits and 64 bits.
DWORDs are usually used in hacks to represent addresses in memory; you could store addresses as any data type but DWORD is preferred because it has the perfect value range of addressable values in a 32-bit application.

Useful links:

If you are looking into learning hacking my advice would be to learn Cheat Engine first. Since you are already learning programming you should get familiar with games' memory. Also try making simple hacks for games like Assault Cube or any unprotected game before jumping into games that spend huge money on anticheat.

Thanks for the advice! I'll begin my quest to hacking Assault Cube this weekend.


• #7

I was wondering if you can help me with reverse engineering. How do people get the ClientMGR classes and things like that? atm, I'm using pattern scanning.


• #8

Every game engine has different known hacking techniques. In this case Combat Arms and Crossfire both use the Lithtech engine. Since the base code of the engine rarely changes, and Lithtech being fairly old, we have a few resources up our sleeves.

I have had a local copy of the engine for a long time but here is a new link:
GitHub: jsj2008/lithtech

Lucky for us, Lithtech is now open source so we can look through the code of the game and have a good understanding of how Combat Arms / Crossfire is working behind the scenes. From looking through this, I've found things such as a function called "SwitchToScreen" where you can just call it with a number and it will switch to that screen. Combat Arms had a GM type screen I found but they removed the function within days, a perfect example of lazy development. Back to the explanation.

We have another tool at our disposal which is the IDA Hex-Rays plugin. It turns any ASM function into C-styled pseudocode and you can go in and rename variables etc.

Functions are easy to find with this method. You can search for strings or values, for example if you are looking for a function that in the source code has something like:

void FireWeapon()
{
    if(CurrentWeapon->Ammo->Type == E_PROJECTILE)
    etc...
}

And E_PROJECTILE is defined as 3, you can look for all instances of 3 in the code. 3 is a bit of a bad example as it is probably fairly common but who knows. It will probably equate to cmp eax, 3 or similar so that will narrow it down a bit.

Pseudocode a few functions and look at them side by side to see if they look similar.

Another way is to look for strings. Strings are usually removed if they are debug messages but this is what I would try and do first. Search the string, jump to the function, pseudocode.

-------------------------

Once you get that process sorted, look for a function that contains the class you want to find in the game. Find that function and then in the pseudocode you will be able to get the address of the function.

That's the general process but if you need any extra explanation on anything don't hesitate to ask.

Happy Hacking.


• #9

OK thanks. I will look into the Lithtech code and mess around with IDA some more.


• #10

Originally posted by Matypatty View Post
Every game engine has different known hacking techniques. In this case Combat Arms and Crossfire both use the Lithtech engine. Since the base code of the engine rarely changes, and Lithtech being fairly old, we have a few resources up our sleeves.

I have had a local copy of the engine for a long time but here is a new link:
GitHub: jsj2008/lithtech

Lucky for us, Lithtech is now open source so we can look through the code of the game and have a good understanding of how Combat Arms / Crossfire is working behind the scenes. From looking through this, I've found things such as a function called "SwitchToScreen" where you can just call it with a number and it will switch to that screen. Combat Arms had a GM type screen I found but they removed the function within days, a perfect example of lazy development. Back to the explanation.

We have another tool at our disposal which is the IDA Hex-Rays plugin. It turns any ASM function into C-styled pseudocode and you can go in and rename variables etc.

Functions are easy to find with this method. You can search for strings or values, for example if you are looking for a function that in the source code has something like:

And E_PROJECTILE is defined as 3, you can look for all instances of 3 in the code. 3 is a bit of a bad example as it is probably fairly common but who knows. It will probably equate to cmp eax, 3 or similar so that will narrow it down a bit.

Pseudocode a few functions and look at them side by side to see if they look similar.

Another way is to look for strings. Strings are usually removed if they are debug messages but this is what I would try and do first. Search the string, jump to the function, pseudocode.

-------------------------

Once you get that process sorted, look for a function that contains the class you want to find in the game. Find that function and then in the pseudocode you will be able to get the address of the function.

That's the general process but if you need any extra explanation on anything don't hesitate to ask.

Happy Hacking.

When you tell me to pseudocode something, what exactly am I disassembling with IDA? Do I find the asm functions in CShell or is it something else? Thanks for the help.


• #11

Originally posted by anotherprogrammer View Post
When you tell me to pseudocode something, what exactly am I disassembling with IDA? Do I find the asm functions in CShell or is it something else? Thanks for the help.

If you used to use OllyDbg, IDA lays out the disassembly much nicer. Most things should be laid out in a function format:

Place your cursor inside the function anywhere and press F5.

Another useful thing you can do is right click and copy to assembly. This way you can relate the pseudocode to the actual instructions.


• #12

Hey, I just found this website.
So I was just wondering, I've been seeing "Single Player Bots" such as http://www.elitepvpers.com/forum/com...layer-bot.html. Any idea on how they work? Is it a SendtoServer thing or something else? I'm just really curious on how it works.


• #13

Hey man, I'm back. Been trying to hook engine game functions but even when the hook is successful, it crashes. I know my Detours functions are undetected. Any ideas on how to bypass whatever is detecting me? Also, how does it know when I edit (write a jmp) memory in engine? I hooked some random place where engine renders the players and it still crashed after 5 minutes. What is it doing?


• #14

Originally posted by bretherzi View Post
Hey, I just found this website.
So I was just wondering, I've been seeing "Single Player Bots" such as http://www.elitepvpers.com/forum/com...layer-bot.html. Any idea on how they work? Is it a SendtoServer thing or something else? I'm just really curious on how it works.

From what I can see it looks like it's just some mapped keypresses to create the game and then more keypresses to randomly throw explosives in the hope of killing bots; this could be made much better with data from the actual game (might look into this actually).

Here is something that I attempted to make back in the day to complete Fireteam. It was a great proof of concept but I was unable to get the bot to open doors or activate anything for that matter. Basically it had a set of waypoints (visible from the dots on screen) and would just walk the path whilst the aimbot was enabled. It knew where to look and press the E key but Combat Arms is very strict with emulating keypresses to attempt to stop spammers and such.

Contact me if you are interested in developing something like this though, I didn't know they implemented a bots option which would make some kind of auto-playing bot really useful.

Originally posted by anotherprogrammer View Post
Hey man, I'm back. Been trying to hook engine game functions but even when the hook is successful, it crashes. I know my Detours functions are undetected. Any ideas on how to bypass whatever is detecting me? Also, how does it know when I edit (write a jmp) memory in engine? I hooked some random place where engine renders the players and it still crashed after 5 minutes. What is it doing?

If we are talking about Combat Arms I would say this is the work of their custom anticheat BlackCipher. A few years ago they were also doing something similar to detect any memory modification to engine by comparing MD5s to check for code changes. My best bet would be that they are checking for jumps to addresses outside of the memory range of engine.exe (aka jmp to external code). Have you tried manually mapping your code into engine? Otherwise there are lots of other modern detour methods that may not be searched for (jmp being the oldest trick in the book and usually detected). When I was actively developing game cheats hardware breakpoints were my go-to undetected method.
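The two kinds of check the reply above describes, a hash of the engine's code compared against a baseline and a scan for jumps that leave the module's address range, as an added C example written from the anticheat's side. This is not BlackCipher's code and not code from the thread: the code section, its base address and the patched bytes are all constructed for the demo, and FNV-1a stands in for MD5 so the file has no dependencies.

```c
/* Added example (not from the thread, not any anticheat's real code): two checks
 * of the kind described above, run over a constructed byte buffer that stands in
 * for a module's code section.
 *  1. Integrity: hash the section at start-up and re-hash later; any patched byte
 *     changes the digest. FNV-1a replaces MD5 here to keep the file self-contained.
 *  2. Range check: walk the section for 0xE9 (jmp rel32) and flag any whose
 *     target lies outside [base, base + size), i.e. a jump to foreign code.
 * The base address, section contents and the "patch" are all constructed. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>
#include <stdbool.h>

static uint64_t fnv1a(const uint8_t *data, size_t len) {
    uint64_t h = 1469598103934665603ULL;          /* FNV-1a 64-bit offset basis */
    for (size_t i = 0; i < len; i++) {
        h ^= data[i];
        h *= 1099511628211ULL;                    /* FNV-1a 64-bit prime */
    }
    return h;
}

/* True if the section's current hash still matches the recorded baseline. */
bool integrity_ok(const uint8_t *code, size_t len, uint64_t baseline) {
    return fnv1a(code, len) == baseline;
}

/* Count 0xE9 rel32 jumps whose destination is outside the module.
 * Target = address of the next instruction + signed 32-bit displacement.
 * Assumes every 0xE9 byte is an opcode; a production checker would disassemble,
 * since 0xE9 can also occur inside immediates or data. */
size_t count_foreign_jumps(const uint8_t *code, size_t len, uint64_t base) {
    size_t found = 0;
    for (size_t i = 0; i + 5 <= len; i++) {
        if (code[i] != 0xE9) continue;
        int32_t rel;
        memcpy(&rel, code + i + 1, sizeof rel);   /* little-endian displacement */
        uint64_t target = base + i + 5 + (int64_t)rel;
        if (target < base || target >= base + len) found++;
    }
    return found;
}

/* Demo helper: encode a jmp rel32 at offset 'at' whose target is 'target'.
 * Used only to build the constructed sample section. */
static void write_jmp(uint8_t *code, size_t at, uint64_t base, uint64_t target) {
    int32_t rel = (int32_t)((int64_t)target - (int64_t)(base + at + 5));
    code[at] = 0xE9;
    memcpy(code + at + 1, &rel, sizeof rel);
}

#define SECTION_SIZE 64
#define MODULE_BASE  0x00400000ULL   /* constructed base address */

/* Build a section with one legitimate in-module jump, record the baseline,
 * optionally apply an out-of-module jump, then run both checks.
 * Returns how many checks fired: 0 for the clean section, 2 after the patch. */
int run_demo(bool apply_patch) {
    uint8_t code[SECTION_SIZE];
    for (size_t i = 0; i < SECTION_SIZE; i++) code[i] = 0x90;   /* filler bytes */
    write_jmp(code, 8, MODULE_BASE, MODULE_BASE + 40);            /* stays inside the module */
    uint64_t baseline = fnv1a(code, SECTION_SIZE);

    if (apply_patch)
        write_jmp(code, 16, MODULE_BASE, 0x10000000ULL);          /* constructed foreign target */

    int fired = 0;
    if (!integrity_ok(code, SECTION_SIZE, baseline)) fired++;
    if (count_foreign_jumps(code, SECTION_SIZE, MODULE_BASE) > 0) fired++;
    return fired;
}

int main(void) {
    printf("clean section:   %d check(s) fired\n", run_demo(false));
    printf("patched section: %d check(s) fired\n", run_demo(true));
    return 0;
}
```

The range check shows why the reply calls a plain jmp the oldest trick in the book: a 5-byte E9 whose displacement resolves outside the module is trivially distinguishable from the module's own jumps, while the integrity hash catches any byte change at all, including ones that stay in range. The limitation noted in the comments applies to the scan: byte-matching 0xE9 without disassembling will also match displacement bytes and data, so a real checker decodes instructions rather than scanning for opcodes.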


• #15

I believe hardware breakpoints are detected but I haven't tried it yet, maybe I'll take a look at it. I'm working on my own manual mapper right now so I guess I'll manual map into engine and see if that reduces detection. Thanks for the help, I'll let you know if I get anywhere.
P.S. That Fireteam bot looks really nice lol. I haven't seen anyone do anything like that.