A small reply to Derek's Comment(s)

Hi Derek (see his comment here),

It's great to see some people are actually reading my blog :D

I've been short on time the past week, but at least this week I seem to have a few evenings free :)

I completely understand the issue that things get tricky when pointers get involved. Pointers tend to change when the game restarts and/or finishes a loading sequence. I will see if I can help out a bit in that area in the coming days.

Most of the time the only pointer you're interested in is the player object pointer. The player object is stored in memory somewhere and usually contains things like the name of the player, its location, its health, etc. These days it's hard to find a game that doesn't use a player object in one shape or form.

So when you search for, say, health, you will often find a memory location which is actually an offset within the player object. The trick is to find a static location which holds the pointer to the player object.

This can be very easy (Torchlight has a static address which always contains the pointer to the player object) but it can also be (very) hard. Mass Effect and Trine do not have a static pointer to the player object but use object-lists to store the pointers.

I actually wanted to hack Mass Effect before Mass Effect 2 came out, so I could finish it again on the hardest mode :) But I never got around to it, too busy with other games / real life / etc.

From my initial check, Mass Effect (it's hard due to its debugger protection and its unwillingness to run in VMware) seems to be using an object-list to store the object pointers (often not only friendlies but also enemies). These are probably the hardest to hack if you want to change stats.

If you encounter a game which uses an object-list to store object pointers there are a couple of things you can do.

One of them is to reverse engineer the way this list is stored, write your own access routines for it, and modify values (Defense Grid was an example of that).

But you can also see if you can find out what decreases health, then see if you can find out what the game uses to distinguish enemies from friendlies. That's what I did for Trine.

I am currently working on a proof of concept radar for Modern Warfare 2. It will read the player objects from memory and show them on a radar. Limited use, but it'll cover the idea of reverse engineering the way objects are stored in memory. More on this later this week (I think I have the basics figured out, but haven't tested anything yet).

That said, I will take a quick look into Mass Effect again tomorrow, see if I can write a quick hack and show you what I did. I did find the instruction a while back that decreased health, but enemies also became invincible. This is the same thing that happened with Trine. I might also write a blog about why this happens, but people with object-oriented programming experience can probably already guess why.
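To make the pointer business and the "invincible enemies" effect concrete, here is an added example (my illustration, not code from the blog or from any of the games mentioned). It builds a constructed, hypothetical memory layout with a static player-object pointer and an object list, then contrasts patching the one damage routine every object shares with changing a value through the player pointer; all addresses and offsets are made up.

```python
import struct

# Constructed stand-in for a game's address space (a bytearray, not a real process).
# Hypothetical layout: 0x1000 holds the player-object pointer, 0x1008 holds the
# object-list pointer, 0x2000 is the list (u32 count, then u32 entity pointers),
# entities live from 0x3000 in 0x40-byte objects: u32 team, u32 health, 24-byte name.
PLAYER_PTR, LIST_PTR, ENTITY_SIZE, OFF_HEALTH = 0x1000, 0x1008, 0x40, 0x04

def build_memory():
    mem = bytearray(0x4000)
    entities = [("Player", 1, 100), ("Guard", 2, 60), ("Archer", 2, 45)]
    addrs = [0x3000 + i * ENTITY_SIZE for i in range(len(entities))]
    for addr, (name, team, hp) in zip(addrs, entities):
        struct.pack_into("<II24s", mem, addr, team, hp, name.encode())
    struct.pack_into("<I", mem, PLAYER_PTR, addrs[0])
    struct.pack_into("<I", mem, LIST_PTR, 0x2000)
    struct.pack_into(f"<I{len(addrs)}I", mem, 0x2000, len(addrs), *addrs)
    return mem

def read_u32(mem, addr):
    return struct.unpack_from("<I", mem, addr)[0]

def entity_addrs(mem):
    # Walk the object list: dereference LIST_PTR, read the count, then each pointer.
    lst = read_u32(mem, LIST_PTR)
    return [read_u32(mem, lst + 4 + 4 * i) for i in range(read_u32(mem, lst))]

def health_of(mem):
    # (name, health) for every entity reached through the object list.
    rows = [struct.unpack_from("<II24s", mem, obj) for obj in entity_addrs(mem)]
    return [(name.rstrip(b"\0").decode(), hp) for _, hp, name in rows]

def damage_tick(mem, amount, patched=False):
    # The one damage routine every entity shares: data is per object, code is not.
    if patched:
        return
    for obj in entity_addrs(mem):
        hp = max(0, read_u32(mem, obj + OFF_HEALTH) - amount)
        struct.pack_into("<I", mem, obj + OFF_HEALTH, hp)

def compare_approaches(damage=30):
    # A: patch the shared routine -> enemies become invincible too.
    mem = build_memory()
    damage_tick(mem, damage, patched=True)
    patched = health_of(mem)
    # B: leave the code alone; restore health only through the static player pointer.
    mem = build_memory()
    damage_tick(mem, damage)
    struct.pack_into("<I", mem, read_u32(mem, PLAYER_PTR) + OFF_HEALTH, 100)
    return patched, health_of(mem)
```

Approach A leaves every entity untouched because the single method is what got changed; approach B only reaches the instance the static pointer points at, which is exactly why the per-object route is the one that behaves as intended.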

As for Warhammer Online (I don't mind Google picking up on it ;), it actually doesn't use Punkbuster. But even if it did use Punkbuster, it wouldn't worry me at all.

The hacks that I use for the game are not public (and won't be, until I quit playing) and as such can't be picked up by Punkbuster.

Everything I've read about Punkbuster indicates that you can compare it with a virus scanner. It will detect some common ways to hack a game (like the Windows Read/WriteProcessMemory functions) and it'll detect known hacks, but private / unknown hacks won't be picked up by Punkbuster.

So my tip for games that do use Punkbuster: write private hacks and keep them private.

Posted by: Da_Teach on Tuesday, February 2, 2010  •  Pointers
