Memory Hacking Software

[Torero]

I understand now how to bot minesweeper with MHS

but I want to make an executable just so I can show it off my friends:

"oh look ! you click on the bot.exe and goes the cursor on the board ! "

I have learned how to find the board dimensions and the arrays, now I need a way to program a generic mem reader, a very, very simple one, just to do the bot on my own exe !


Can you suggeust a few ways I can do that ?

thx !

when your exe related functions are complete, I'll just use thoes, of course !

[L. Spiro]

Make a Windows® C++ application using ReadProcessMemory(), WriteProcessMemory(), OpenProcess(), CloseHandle().

Refer to the MHS help file code examples to see how to scan the list of processes and open one by name.


L. Spiro

[Torero]

ok, I ll do that....



I have tracked down the location where my chat wnidow strings are stored numerous times now, but I don't know how it will decide where to store them the next time


is this where I try to find the pointer that's currently pointing to this location and use dbg to find which line of code generate this pointer and thus being able to follow the pointer to the new locations from then on,

or.... how do I do it?

[L. Spiro]

You need to find the code that wrote the line in the first place.

But you can’t always do that without knowing where it will write next.
So you have to work with what you do know. Find out what reads the line and see if you can find something in the code that can help with how the line was originally written. There should be pointers to follow back to some base or another, and from there you might be able to find the code that will make new lines too. The code should all be connected in some way somewhere. You have to find it.


L. Spiro

[Torero]

How about, do you recomment any game or program where I can start tunning up my MHs proficiency?

I am trying (essentially) my blind luck on C&C general:ZH and Sswg.


can you suggest, in an online game, how the monsters around the 3D world are organized in the ram ? I think this is what I can do:


All of the mobs and human have these stats:

location, hp, action points and others.


For mobs, maybe I should somehow tell MHS to find blocks (or groups, I am not sure) of ram that has ThE SAME distance between their loc values:

I essentially take 4 loc on a map that make up a square, and so I know what every mob inside this square must have their loc within this range, and then I assume that their data are all stored in structures of the same size and the same order and so I now that they all have something like 3000, 180, 4000, between the same distance from each other in the ram -

and so I can, within each block, try to find values of similarities and differeces and determine what they mean from there.



Does that sound like how I shuold think? and also, what do I do the above with MHS ?




I am happily assume that's exactly the case in most real time strategies,

blocks of identical size.


Also, in the case of a RTS, where they don't show the numerical values of units locations. is it possible to do this:


I am going to call unit A's current location (0,0) and I am going to write that in the script search. Also, that the axis are perfectly horizontal and vertical to the screen.

Ok, I am not sure where the origin is, as no values are given,


and then I am going draw a cross on the unit across the screen, and then
take this unit left up part, left down part, right up part , right down part,

essentially 4 quadrants of the cross.


so I am going to make the script look for changes relevant to that:

so hopefull with trials and errors, I can eventually find the unit's related values in the ram that allow me to go further.


Is the idea of drawing a cross sound? if so, how do I write it?


thank.

[Torero]

You need to find the code that wrote the line in the first place.

But you can’t always do that without knowing where it will write next.
So you have to work with what you do know. Find out what reads the line and see if you can find something in the code that can help with how the line was originally written. There should be pointers to follow back to some base or another, and from there you might be able to find the code that will make new lines too. The code should all be connected in some way somewhere. You have to find it.


L. Spiro

I am not sure how I can find the code the write the line - I am trying to learn ollydbg, but the level of stuff I am reading doesn't (hopefully yet ) tell me how to work with online game.

I am quite sure I can't pause an online game long enough for me to figure out things, since they are more or less real time.

how do I deal with that?

is it possbile to record or search for what happend right after a keystroke is made or ... how do I search for what I need?

I am still struggling on different types of search and am trying to learn. I hope yuo don't get mad over my newbness.

[L. Spiro]

I am not sure how I can find the code the write the line - I am trying to learn ollydbg, but the level of stuff I am reading doesn't (hopefully yet ) tell me how to work with online game.

I am quite sure I can't pause an online game long enough for me to figure out things, since they are more or less real time.

Not that I support online hacking, since you might be ruining my fun someday…
No, you can’t pause online games, which is why many people gripe when using OllyDbg with online games, because OllyDbg loves to pause the game.
You can pause them for short periods, but then obviously you lag out if you pause too long. The work-around for this is to test things on your own server, but then the values you find might not be the same as when you join another server.

is it possbile to record or search for what happend right after a keystroke is made or ... how do I search for what I need?

Not yet.
And to my knowledge, MHS will be the only program ever made that will be able to solve this problem.
In the future the Disassembler/Debugger will allow logging and allow you to compare multiple logs to find code that changed, was the same, etc., just like data searches.
This would allow you to run a loop of the game, log everything that happened, then log another loop of the game while you press a key, and log that, then compare to see what code has changed from when you weren’t pressing a key. This enables you to find nearly anything.

But for now, no software on Mars, Jupiter, Venus, or Earth has this capability. I am fairly certain none of the other planets have this either.


L. Spiro

[Torero]

based on what I described, maybe you can suggest a way to scan the values?

particularly on the point of using a cross to define operational "center" of the map, is it possible to do?


I cannot convince you that i won't be ruining your fun, but can you still teach me how I can hack the real time strategy?

[Torero]

which would be,

"I assume that all mobs are blocks of ram that are identical in size and therefore the same data within the structures have the same distance from each other"

"I can find the locations of the character in the game in the ram, and therefor e I can tell which mobs are inside a measurable area."

[L. Spiro]

based on what I described, maybe you can suggest a way to scan the values?

particularly on the point of using a cross to define operational "center" of the map, is it possible to do?

The only way to get unit coordinates is to let them move and perform Sub Searches.
Luckily for you, you can do this easily with the latest release (Demo #24). The Hotkeys have been upgraded to allow quick Sub Searching. So you can just hit a button and scan for Same as Before, Different from Before, Increased, Decreased, and Same as Original. You still have to perform the initial search yourself, however (logically).
This makes it easy to run the game, and perform increased/decreased sub searches as the units move left and right.

"I assume that all mobs are blocks of ram that are identical in size and therefore the same data within the structures have the same distance from each other"

It is probably somewhat safe to assume this in your case. I won’t bother confusing you with class inheritance and virtual function pointers.

"I can find the locations of the character in the game in the ram, and therefor e I can tell which mobs are inside a measurable area."

If you can find them. And in this case it is best to use L. Spiro Script to test everything you find.


L. Spiro

[Torero]

As I told you, I am more or less hacking for more than fun, and I do have a lot of fun, but your tool will prove to be superior to even ollydbg 2.0 right?

It's inevitable that people will potentially use it to ruin your fun.

I ll get on with LSS tomorrow my time. I had to learn to read minesweeper tutorial to understand how to search for that game; all I had to do was to start the game numerous times and it's clear where the arrays are

[L. Spiro]

your tool will prove to be superior to even ollydbg 2.0 right?

We’ll have to see.
I don’t know about the initial release, but since I virtually never stop working on my tool it is logical to suspect it would be better at some point or another.


L. Spiro

[Torero]

http://ftp.wolflord.com/boneash/game/pc ... orally.zip


This is a very old DOS game, I hope you can spare a few minutes to take a look, not that so I can bug you on how to work on this game, but that this game doesn't show up in the open process selection window.

[L. Spiro]

ntvdm.exe.
Good luck finding anything; it’s a DOS game.


L. Spiro

[Torero]

why would a dos game pose addtional problem?

I thought they are small, precise, and easy to track down even if I do pause/go with ollydbg?