Go Back

Steam's anti-debugging code

I bought a few more steam games on friday (F.E.A.R. 3, DeusEx, Brinck, Fall out series, Duke Nukem) and ran into the annoying crash-at-breakpoint again. This time, however, I decided to put some time into it to try and find why this is happening.

After a lot of googling I ran into this blog post:

While it does not specifically mention Steam, it does explain why WinDBG (and other debuggers like OllyDBG and C.E.) crash the game when a break point is triggered. Windows simply does not tell WinDBG about the break point and as such it crashes the game (as the game can't handle it either).

So I spend several hours figuring out ways to circumvent the "ThreadHideFromDebugger" flag.

At first I tried to undo the "ThreadHideFromDebugger" flag, but apparently once you've set this flag, it stays on  (there's no way to turn it off on a thread). I then tried to access the ETHREAD structure which gets modified by "NtSetInformationThread" but apparently you can't get access to the ETHREAD structure from User Space (at least not in any way that I could find).

So the only way to get rid of the "ThreadHideFromDebugger" flag is by not letting the application set the flag. There's two ways to do this, stop it in user mode or in kernel mode. Kernel mode is nice, but it really isn't funny to BSOD your system a lot while developing the driver. Also the whole 'need it to be signed' part for x64 sucks. But this is still a valid option which I might look into.

But I decided to write a user mode DLL which you can inject into Steam. Once it's injected, you simply have to start the game you want to debug from within steam and the DLL does all the work for you. It hooks 3 functions, CreateProcessA/W and NtSetInformationThread, the NtSetInformationThread hook is responsible for actually disabling the "ThreadHideFromDebugger" flag. The CreateProcess hooks are used to hook any game launched by Steam.

There's 1 big *read this*, do *not* start VAC-games (and probably also PunkBuster games) with this DLL loaded into Steam! It will most likely get you banned. Also a small disclaimer, only use this to cheat in single player games. Cheating in online-games is wrong mkay! ;)

You can download it here.

Posted by: Da_Teach on Sunday, August 7, 2011  •  Comments (230)  •  Full story  •  C# Hack Cheat Engine WinDBG Anti-Debugger

Defense Grid Updated (again, by populair demand)

It seems that there was some type of point-gather-thing during my vacation which made you able to earn goodies, or something. But I couldn't update the trained on account of me being on vacation :)

I'm back but I think reason people wanted the trainer might be over. Still it's updated and you can download it here.

Posted by: Da_Teach on Friday, July 15, 2011  •  Comments (44)  •  Full story  •  C# Trainer Defense Grid

Rift - Putting it all together

A few people asked me for example code, so I wrote a small proof of concept Entity Reader.

This will basically list all entities in the memory of Rift and list various properties of the entity components. It will also list extended Player/Target information and list group / raid info. This is far from all the available data, but it's all that I have thus far.

If you decide to use this, at least give me some credit and don't try to pass this off as your own work! Other then that, use this as you wish (keep in mind that on the actual source, my usual license still applies).

Also, I will *not* be updating the offsets / pointers /etc. Also if your not a developer/hacker then this proof of concept won't help you. It's not compiled and does not do anything past listing all the entities!

Note, the proof of concept no longer works due to version differences, but it does give the general idea on how it should work (if you update the pointers using my other blogs, it'll probably work again)

Posted by: Da_Teach on Wednesday, March 30, 2011  •  Comments (53)  •  Full story  •  C# Rift

EVE Online: L4 Mission Bot - Part #5

A lot of people have been bugging me about an update to Questor and while I haven't fully decided yet if I want to release the source of PySharp and DirectEve (my custom libraries), I did decide that I wanted to release a new version of Questor.

So here it is, a new build of Questor, the user friendly version. Unpack the zip file to your ".NET Programs" folder in your InnerSpace directory.

To get started with this version, there are a few things you need to configure. Firstly, you need to rename the "rename_to_charname.xml" file to your charactername.xml, for example "IRBot.xml" if your char is called "IRBot".

Once that is done, you need to edit the XML file (any editor will do, even notepad), its a file which basically tells the bot which missions to accept, which ship(s) to use, what ammo to use, etc. I have added XML comments to each section. So you should be able to fill it in relatively easy.

Some of the sections contain id's, like type id and group id. These id's can be looked up in the InvTypes.xml file.

Once that is done, startup EVE with InnerSpace. Load up ISXEVE (at the moment its still required). And then load up Questor using "dotnet Questor" command in the InnerSpace console.

After that you'll get presented with a form with loads of different buttons. Normally there are only 2 interesting buttons. One is "Begin" and the other is "Auto 'BEGIN'" (ok not really a button). While there's more buttons, they are mostly there for testing.

If you filled in everything correctly in the settings XML file (e.g. "IRBot.xml"), then the bot should talk to your mission agent, accept a combat mission, fly to the mission, etc, etc, etc. The bot will decline all courier missions and decline missions in/into low-sec.

While the bot is able to automatically do all normal kill missions. Some missions require the bot to kill structures or pickup loot. These missions require (sadly enough) specialized mission-actions. I've included two sets, one for L4 Caldari Mission agents (might not be complete) and one for L4 Galente Missions (should be complete, at least was for my agent).

That in theory should be enough info to get you started. If you run into a bug or question, dont be afraid to leave a comment, however I'm not your help desk, stupid question as such will be ignored!

For all that missed the download link above, click here to download Questor.

Posted by: Da_Teach on Friday, November 26, 2010  •  Comments (293)  •  Full story  •  EVE Online C# ISXEVE Inner Space Questor Bot

EVE Online: L4 Mission Bot

Due to being extremely busy with work, I haven't had the time that I wanted on this project. Don't worry, I will release a version of the bot. But it will most likely not be based on ISXEVE. I've had it with their slow updates on requests and the fact that after several weeks (months?) of a promised performance fix. I'm not doubting the resolve of the ISXEVE team, I just have a feeling their not able to get the update working the way they want it (which would be bug free).

With that in mind I have (re)started work on my own way to access the inner workings of EVE. Most of you probably don't know this, but I wrote a Proof of Concept innerspace extension for EVE before ISXEVE came out. It only did a few basic things, but due to time constraints I never finished it. If you search around the web, you might still find the source code. However that code is severely outdated.

To give you guys a sneak preview of the C# Python 'Access Layer' (which I have called PySharp) that I am working on, this is how easy it has become:

using (var pySharp = new PySharp())
    var builtin = pySharp.Import("__builtin__");
    var shipid = (long) builtin.Attribute("eve").Attribute("session").Attribute("shipid");
    var items = builtin.Attribute("eve").Call("GetInventoryFromId", shipid).Call("ListCargo").ToList();
    foreach(var item in items)
        var invType = builtin.Attribute("cfg").Attribute("invtypes").Call("Get", item.Attribute("typeID"));
        var name = (string)invType.Attribute("name");

This code takes care of releasing the Python references once the PySharp instance gets released. If anything in a chain of attributes fails, the code will handle the error gracefully and will not throw an exception or crash eve. Tbh, PySharp is close to brilliant.

I will be using the above code to write an API (which I have called DirectEve) and switch the bot over to that API.

There's one downside, this code could potentially cause CCP to improve their security. I mean, seriously this is just TOO easy.

Posted by: Da_Teach on Monday, November 22, 2010  •  Comments (49)  •  Full story  •  EVE Online C# ISXEVE Inner Space

EVE Online: L4 Mission Bot - Part #4.5

It's been a while since my last post, this has mostly been due to a very tight deadline I have at work. It's hard to keep up the blog when I'm even working in the weekends :(

However I have made a lot of progress with the bot. I wont upload a new source just yet (hence the 4.5-part instead of 5), mostly because I am waiting for the performance-release of ISXEVE. I'm beta testing the release and it still has some bugs, but as soon as those are gone then the new version of the mission bot will be released. Releasing it now would result in unacceptable performance (truly unacceptable!).

But to give you a bit of a heads up on what has been added since the last release:

  • Drone support, although it still loses drones in missions (The Mordus Headhunters eats up drones), the support works pretty darn good! :)
  • Loot-pickup support, this means it will check each can to see if the mission item is in there.
  • Full mission "scripting" support, allowing you to select what actions the bot will take in missions.
  • Priority-looting, using an XML with market-prices from eve-central the bot is able to dump less-valued loot and pickup more valuable loot.
  • Create salvage bookmarks (if a mission has more then x-wrecks left then it'll make a salvage bookmark for that mission pocket)
  • After-mission salvaging, the bot has the ability to jump into a salvage ship after completing a mission and visiting the bookmarks that it made to salvage (and loot) all the wrecks there.
  • Better ammo-support, you can have multiple types of ammo with multiple ranges, and it will pick the right type of ammo for the right range. (I will be adding additional options to this in later versions, to (for example) select rage-torps for battleships)
  • Speed tanking, when enabled the bot will orbit the target its attacking (it still has some bugs but works pretty well)
  • And most importantly: a settings-xml file which allows you to change any setting in the bot

There are still bugs in there, but its getting very close to perfect for combat missions. 

I hope that the ISXEVE performance update gets released soon, as I can't really release it like this. It would be too slow.

Posted by: Da_Teach on Wednesday, September 22, 2010  •  Comments (24)  •  Full story  •  EVE Online C# ISXEVE Inner Space Questor Bot

EVE Online : L4 Mission Bot - Part #4

Well after a weeks worth there is now partial support for pickup missions. The MissionController doesn't actually wait for loot (yet), nor will it check every can / wreck (yet), but it does pickup loot. But I got a bit annoyed by the performance issues with ISXEVE, so I decided to "motivate" the people behind ISXEVE a bit, perhaps more on that in a week (for now the motivator stays private).

I also squashed a couple of bugs here and there (like panic mode only working once).

This week its all about finishing support for pickup missions and start working on drone support.

Somewhere in between I will also look into using the right ammo for the mission (if the faction of the mission is known through either XML or mission information). Should not be 'that' hard.

Posted by: Da_Teach on Saturday, August 7, 2010  •  Comments (24)  •  Full story  •  EVE Online C# ISXEVE Inner Space Questor Bot

EVE Online : L4 Mission Bot - Part #3

Sunday was very productive, I've finished a lot work on the Mission Controller. The Mission Controller is responsible for the actions within a mission, with that finished the bot becomes very close to a workable release. Currently it supports a range of actions, but an important action is not finished yet (picking up items in space). I'll work on that in the coming days.

I also added a Panic mode after I nearly lost my ship due to it running out of cap, being scrambled and having no shield. Lets just say that's not what you want in a (over priced) mission running ship ;)  The panic mode keeps track of your cap (it does assume that you can actually tank everything, perhaps I should change that) and makes all warp-scramblers a priority target (e.g. they get killed before anything else).

Other then that I also fixed a number of bugs, although I still havent found one that causes a popup screen every so often (although I did manage to lower its occurrence).

With the above done, the state of the current bot means that it can run a 'normal' kill-everything mission without interference from a person. Anything else requires manual interaction (picking up items, destroying certain structures, etc).

So the TODO list looks a bit like this at the moment (ordered by 'priority'): 

  • Fix bugs ;)
  • Add support for pickup missions
  • Add looting for wrecks (keeping in mind the amount of space needed for the pickup mission)
  • Add auto-learning for mission damage types (e.g. if you do "Gone Beserk" then it should take different ammo types the first time, but the second time it should only take the 'correct' ammo for the mission).
  • Allow custom mission actions when needed, the idea is that the bot is able to most of the missions without user defined actions though.
  • I might add support for courier missions, since they can be profitable in some of the mission arcs.
  • Anything else I can think off :)
More later this (or early next) week.

Posted by: Da_Teach on Monday, July 26, 2010  •  Comments (68)  •  Full story  •  EVE Online C# ISXEVE Inner Space Questor Bot

EVE Online : L4 Mission Bot - Part #2

I made a lot of progress since the last post that I made, I've added the following features:

  • Interact with an agent and accept all none-courier missions (e.g. it will decline courier missions!)
  • Load ammo for a mission (current version loads all ammo types)
  • Travel to a mission
  • Travel back to the agent
  • Complete the mission with the agent
  • Unload all loot into the hangar

Slowly getting a real mission bot, but I still have some work ahead of me.

The biggest part is running the mission itself. Seeing as it currently warps into the mission area and just sits there. So I need to write a class which will perform the mission objectives.I've got some idea's (mostly stolen from EVEBot's missioner), hopefully I will complete that today or tomorrow.

Also the arming class now loads all ammo types regardless of mission requirements. Its a waste of space, so that needs to change too. I only want to take ammo that's required for the mission. This class should eventually also re-fit the ship based on mission type, however that's very low on my todo-list due to the fact that I overtank L4's by a mile.

After those two major changes, I need to fine tune some things, like not accepting low-sec missions. The purpose of this bot is low-risk, and low-sec is not low-risk.

Once this is all done, I might look into courier missions for a complete mission package (some mission arc's start out as combat missions and turn into courier missions).

Posted by: Da_Teach on Saturday, July 24, 2010  •  Comments (53)  •  Full story  •  EVE Online C# ISXEVE Inner Space Questor Bot

EVE Online : L4 Mission Bot - Part #1

I used to play EVE Online a few years ago, but I got bored with it and quit. Gave all my chars and ISK away. However with my friend not playing Warhammer Online a lot anymore, I needed a new MMO fix. So I started with EVE Online again, spend some euro's on some ISK, bought two chars, a PvP char and a Mission char.

But as we all know, running missions (or making isk in the game) is boring as hell ;)  So I turned to an old friend of mine called ISXEVE which uses Inner Space. With ISXEVE you can automate nearly everything in the game, I used it in the past. But 'back in the days' the .NET wrapper was instable.So you had to code all the stuff in Lavishscript (the scripting language of Inner Space), which is horrid (at least that's my experience).

But things have changed, ISXEVE's .NET wrapper became stable (but ISXEVE a bit slower, although their working on that). So I decided to start writing a mission bot for EVE (using ISXEVE + Inner Space). I also thought it would be nice to blog about my progress, its not my usual stuff (e.g. trainers) but a bot is hacking too ;)

Last week I spend some time writing the combat and salvage modules for the bot. But with ISXEVE's performance issues, it was completely unusable. I decided to rewrite most of the code thus far and add a serious caching manager, and performance is almost great. Currently the bot is far from complete and its very specifically tailored to my needs.

Current 'features' are:

  • Activate shield hardeners
  • Activate shield booster at <65% shields and deactivate it once >95%
  • Targets 4 'high value targets' and 2 'low value targets'
  • Targets 2 wrecks
  • Uses a tractorbeam on the wrecks (I have 2 fitted, so it'll tractor both wrecks) (40km range)
  • Uses salvager when wreck < 5km
  • Uses torpedos to kill high value targets first and then low value targets

Its far from usuable at the moment and it currently doesnt really have any config files, so you have to recompile to change certain things (like max missile range, number of locked targets, etc).

I will keep you guys posted at the progress that I make with the bot. You can download the current version (with source code) here. Whenever I feel like something major has been updated / added, I will update that zip file. And if you didnt guess yet, you do need ISXEVE and Inner Space for this bot to work!

Posted by: Da_Teach on Friday, July 23, 2010  •  Comments (90)  •  Full story  •  EVE Online C# ISXEVE Inner Space Questor Bot

  1. 1
  2. 2
  3. Next page