Author | Message | Time |
---|---|---|
Insolence | I'm trying to learn reverse engineering, and I found a game that I don't think many (if any) have had a chance to hack yet and I'm wondering how I should go about it. I don't have much experience, so I don't expect to find too much, but I'd like to give it a shot :) First, I'd like to find the world x/y and hopefully the Player's Character (Hero/Me/whatever) structure (life/mana/so on). I don't know the world x/y, so should I look for the health/mana and look for numbers 3-5 digits long within 300 bytes of them or something? | August 13, 2007, 10:04 AM |
iago | If you're serious about learning, take a look at my wiki: http://www.skullsecurity.org/wiki/index.php/Assembly If you just want to find out about the player's position, this page might help: http://www.skullsecurity.org/wiki/index.php/Memory_Searching | August 13, 2007, 5:59 PM |
warz | It's always tough starting out cold turkey. You'll need to find something to work off of. I'd suggest starting easy - locate where health, mana, money, whatever is stored and then play around with that. From that position, you can most likely locate the print text function, if any, and that will open up a whole lot of options. Locating some kind of print text function that draws the health or something that's always visible, or a function that draws certain GUI sections, is huge, because then you can locate main loops used to do things. With those small things being commented on, you can then find more detailed things a little easier. Reverse engineering and writing hacks is not a quick process when you're dealing with new things - especially if you're a beginner. | August 13, 2007, 6:17 PM |
Insolence | [quote author=iago link=topic=16941.msg171544#msg171544 date=1187027957] If you're serious about learning, take a look at my wiki: http://www.skullsecurity.org/wiki/index.php/Assembly If you just want to find out about the player's position, this page might help: http://www.skullsecurity.org/wiki/index.php/Memory_Searching [/quote]Yeah, I've read all of your Starcraft stuff and sent you an email thanking you :) I'll check it out again. [quote]It's always tough starting out cold turkey. You'll need to find something to work off of. I'd suggest starting easy - locate where health, mana, money, whatever is stored and then play around with that. From that position, you can most likely locate the print text function, if any, and that will open up a whole lot of options. Locating some kind of print text function that draws the health or something that's always visible, or a function that draws certain GUI sections, is huge, because then you can locate main loops used to do things. With those small things being commented on, you can then find more detailed things a little easier. Reverse engineering and writing hacks is not a quick process when you're dealing with new things - especially if you're a beginner.[/quote]Ah, those are good ideas. Thanks a lot. The game doesn't seem to want me to run it with OllyDbg, or any kind of debugger (CheatEngine also crashed). I'll have to get past that a bit first. | August 13, 2007, 8:52 PM |
warz | Are you attaching to the running process, or using OllyDbg to open it? You'll just want to attach to it. | August 14, 2007, 4:20 AM |
Insolence | [quote author=betawarz link=topic=16941.msg171562#msg171562 date=1187065210] Are you attaching to the running process, or using OllyDbg to open it? You'll just want to attach to it. [/quote]I was trying both and neither worked--might be something with my Olly. However, with CheatEngine I made a little progress and found the pointer to the Player (Hero) struct, and a pointer to some kind of stat structure (it had the current mana, but not life--maybe life is a word instead of dword). EDIT: Forgot to mention I enabled all the options trying to hide CheatEngine stuff. | August 14, 2007, 4:47 AM |
warz | What game, if I may ask? You'll run into a lot of interesting situations. For example, things such as life, or money, etc, might be stored differently if the values are different between different races/classes/whatever. In Brood War, the value of your current units, or whatever, isn't as easily found as money, or minerals because of the fact that Zerg has things like zerglings which count as essentially 0.5 of a unit, and stuff. I don't remember the exact details, but the value, in memory, is stored as a multiple of two or something. This is just an example. If health is displayed during the entire duration of the game's play time, you should be able to find it with a memory searching utility, at least, and it'll give you the address of the data array storing the printed value sometimes. I've forgotten what my original point of this post was because I'm watching TV and drinking beer, but knowing what game you're talking about will help us help you. | August 14, 2007, 6:00 AM |
Insolence | [quote author=betawarz link=topic=16941.msg171564#msg171564 date=1187071206] What game, if I may ask? You'll run into a lot of interesting situations. For example, things such as life, or money, etc, might be stored differently if the values are different between different races/classes/whatever. In Brood War, the value of your current units, or whatever, isn't as easily found as money, or minerals because of the fact that Zerg has things like zerglings which count as essentially 0.5 of a unit, and stuff. I don't remember the exact details, but the value, in memory, is stored as a multiple of two or something. This is just an example. If health is displayed during the entire duration of the game's play time, you should be able to find it with a memory searching utility, at least, and it'll give you the address of the data array storing the printed value sometimes. I've forgotten what my original point of this post was because I'm watching TV and drinking beer, but knowing what game you're talking about will help us help you. [/quote]Mythos Closed Beta (or is it Alpha?) is what I'm playing with right now. I found the Mana and such, however the Life doesn't seem to be anywhere near it. Really strange, I'll have to keep playing. | August 14, 2007, 6:54 AM |
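Added example, not from the thread or any of its posters: a small offline simulation of the search-and-narrow technique the thread discusses (scan a snapshot for a known value, change the value in-game, rescan to drop false hits), plus the two pitfalls raised above, a field stored as a word rather than a dword and a value stored scaled by two. The byte buffer, its layout, offsets and scaling are all constructed assumptions standing in for a hypothetical hero struct, not Mythos's real memory.

```python
import struct

# Constructed 64-byte "snapshot" of a hypothetical hero struct (assumed layout).
# mana: 32-bit dword at offset 8; life: 16-bit word at offset 20, followed by a
# max-life word at 22 so the bytes after life are not zero; a unit count stored
# doubled (half-unit granularity) at 24; a max-mana dword at 40 that equals the
# starting mana and therefore produces a false hit on the first scan.
def build_snapshot(mana, life, units):
    buf = bytearray(64)
    struct.pack_into("<I", buf, 8, mana)         # current mana (dword)
    struct.pack_into("<H", buf, 20, life)        # current life (word, not dword)
    struct.pack_into("<H", buf, 22, 1500)        # max life (word), constant
    struct.pack_into("<I", buf, 24, units * 2)   # units kept as count*2
    struct.pack_into("<I", buf, 40, 250)         # max mana, constant decoy
    return bytes(buf)

FORMATS = {2: "<H", 4: "<I"}

def scan(mem, value, width):
    """Offsets where `value` appears as a little-endian integer of `width` bytes."""
    needle = struct.pack(FORMATS[width], value)
    return [i for i in range(len(mem) - width + 1) if mem[i:i + width] == needle]

def narrow(candidates, mem, value, width):
    """Keep only candidates that hold the new `value` after it changed in-game."""
    fmt = FORMATS[width]
    return [i for i in candidates if struct.unpack_from(fmt, mem, i)[0] == value]

def find_mana():
    """First scan hits both current mana and the max-mana decoy; spending mana
    and rescanning leaves only the real field."""
    before = build_snapshot(250, 1200, 7)
    hits = scan(before, 250, 4)                  # [8, 40]
    after = build_snapshot(240, 1200, 7)         # player cast a spell: mana 250 -> 240
    return narrow(hits, after, 240, 4)           # [8]

def find_life():
    """A dword scan for life misses because the field is only 16 bits wide;
    rescanning at word width finds it."""
    snap = build_snapshot(250, 1200, 7)
    return scan(snap, 1200, 4), scan(snap, 1200, 2)   # ([], [20])

def find_units():
    """The displayed count (7) is absent; the stored value is the count times two."""
    snap = build_snapshot(250, 1200, 7)
    return scan(snap, 7, 4), scan(snap, 14, 4)        # ([], [24])

if __name__ == "__main__":
    print(find_mana(), find_life(), find_units())
```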