GetBaseAddress() for Sframe.exe (Rappelz)


Post by jtremblay » Wed Jun 18, 2008 3:26 am

I am a beginner at this method of developing gaming tools, and this is the first time I have used this type of tool on something other than a NES emulator... I have been searching far and wide for the explanation on how to properly use the GetBaseAddress() command. I have been trying to acquire the memory locations of the different environmental items like your Target and your target's Health and your Position in the world; however, after finding most of these values a game crash brought me to realize the memory values changed after the game restarted. Could someone please assist on how to acquire the initial memory location so my memory searches are more consistent?

BTW... Thanks for a great program. Almost nothing else works with Rappelz without having to go through flaming hoops to hide them.

*edit* I am on Vista (both 32bit and 64 bit)... and this does work on Vista x64. I was reading another dude's post in here about getting the "unable to open process" error... If you attempt to open the process and get the error you just simply go to the FILE menu and OPEN RECENT and select the process you just tried to open... it will work fine.

Post by L. Spiro » Wed Jun 18, 2008 4:48 pm

You should really look into complex addresses before scripting a base address.

Normally you use the Auto-Hack to find what reads/writes addresses and work backwards, but this is not as simple if your game is protected and can not be debugged.

There are plenty of resources available everywhere, however, for defeating DMA. A simple search for Defeating DMA Game Hacking should give you everything you need.



Post by sebxter » Wed Jun 18, 2008 5:23 pm

On Rappelz EVERYTHING is server-side: speed, HP, stamina, etc.

Post by jtremblay » Wed Jun 18, 2008 5:37 pm

Thanks L. Spiro... I will check out your recommendation.

I actually did quite a bit of tooling with your divine creation here and found quite a bit. I was able to find 2 constant memory values where the character name is, and I was able to find that the 5th instance of the character name is where all of the statistics for HP, MP, Level, Job were located. Their location seems to be static in relation to the 5th instance of the character name, but it is a random occurrence of the name. I think if I could write something that could find the first instance of the character name, to acquire the name, then search with the name to find the 5th instance, to set memory values for HP MP and so on... I should do alright.

@sebxter
I understand that almost all information was server side... I am not trying to edit this information. I am trying to develop a .dll or an application that will provide information to scripts about in-game information. Teaching a program to read based off pixel detection is a total nightmare. I have already done it on a simple program I have already written for Rappelz. I would like to make something like FFACE or the old FFACT... Tools used in FFXI to provide information on call.

Defeating DMA

Post by jtremblay » Thu Jun 19, 2008 7:09 pm

Is there a manual method that can be done to defeat DMA? I have tried most of the programs recommended by a lot of the research I have been doing and they all cause Rappelz to crash the second I try to debug. And the ones that don't crash Rappelz are detected by hackshield. I even went as far as to watch all of the variables that increase every time the value of the in game currency increases, but when I attempted to decrease the money value by buying something, only the two floating money addresses decreased.

I guess my main question is... do you have any kind of method you recommend me to use to manually find the memory locations that point to the random occurrences? What I was doing was selling one item at a time to the shop and then searching for any increase in the memory values. Between that I was randomly just going back in and doing a search for values that did not change to filter out values related to timers and other misc stuff that is constantly changing that might give me a false positive.

Post by sebxter » Thu Jun 19, 2008 9:12 pm

jtremblay wrote: @sebxter
I understand that almost all information was server side... I am not trying to edit this information. I am trying to develop a .dll or an application that will provide information to scripts about in-game information. Teaching a program to read based off pixel detection is a total nightmare. I have already done it on a simple program I have already written for Rappelz. I would like to make something like FFACE or the old FFACT... Tools used in FFXI to provide information on call.


oh ok

Post by jtremblay » Sat Jun 21, 2008 5:30 am

NVM... I think I got it now. I (unfortunately) had to move over to my 32 bit system... it works now, but it is incredibly slow on all of the searches. I am able to use L. Spiro's debugger and I have been able to find some of the pointers with the pointer search.

I hope you have the opportunity to explore a 64 bit OS with your program one day L. Spiro... You have made a fantastic application and the search function is very fast on my 64 bit system... granted I am using an FX60 processor on that system, but still... it is way faster.

Post by L. Spiro » Sat Jun 21, 2008 10:02 am

Check the search options.
Do not search everything readable and do not search MEM_MAPPED.

You may also adjust anything else you wish.



Post by jtremblay » Sat Jun 21, 2008 12:54 pm

Thanks man... I appreciate the help. I am now at the fork in the road as to how to use this information I have now, but with some research I will figure it out. I have found a method that is working for me when I go to find the Character name I want in the game memory, and I have found that some of the pointers I want are in static locations from that memory address, although it is a random assignment. Can this search be scripted into a .dll? Or does the .dll only report specific memory locations?

Post by WingZero[Custom] » Mon Jun 23, 2008 8:28 am

So, finding the Base Address is not as simple as I think. And the game I played can't be debugged. Is there any other way to debug the protected game?

Post by L. Spiro » Mon Jun 23, 2008 9:59 am

jtremblay wrote: Thanks man... I appreciate the help. I am now at the fork in the road as to how to use this information I have now, but with some research I will figure it out. I have found a method that is working for me when I go to find the Character name I want in the game memory, and I have found that some of the pointers I want are in static locations from that memory address, although it is a random assignment. Can this search be scripted into a .dll? Or does the .dll only report specific memory locations?

It “reports” what you code it to “report”. If you can’t find a solid and reliable pointer path then you can not code the DLL.
L. Spiro Script is great for following pointers and working with data in the target process.



WingZero[Custom] wrote: So, finding the Base Address is not as simple as I think. And the game I played can't be debugged. Is there any other way to debug the protected game?

http://memoryhacking.com/forums/viewtop ... 92&start=0



