problem

Hacking Any Other Massively Multiplayer Online Role-Playing Game



Postby Iwillkillyou » Sun Aug 05, 2007 1:27 pm

Hey Spiro, I've been coding for a while and things, but whenever I OllyDbg my game (Anarchy Online) I never see any values I can change. I was wondering if there was any way to make a bot without having to modify server values. I know it sounds weird, but this game won't let me change any values on the client (like health and stuff...). Thanks a bunch!
Iwillkillyou
I Have A Few Questions
 
Posts: 5
Joined: Sat Jun 16, 2007 1:52 pm

Postby L. Spiro » Thu Aug 09, 2007 1:14 pm

The only way to change values on the server is to go to the server itself.

Unless the game was coded like shit, in which case it would be on a game-per-game basis and no one could help you but someone who is already doing it in that game.


L. Spiro
 
Posts: 3129
Joined: Mon Jul 17, 2006 10:14 pm
Location: Tokyo, Japan

Postby mezzo » Thu Aug 09, 2007 3:23 pm

@Iwillkillyou: Bots are used to automate stuff that any human could do, but without you actually having to do it. The only 'magic' they do is read out values in memory. A very simple example of bot 'logic' would be a small script that checks the value of health in memory and, if it drops below a certain point, sends a keystroke to the game, the keystroke being the game's hotkey for drinking a health potion.

More advanced bots read memory to determine the location of a player and then send keystrokes to the game to simulate that the user presses the arrow keys to move in game.

Loads of people write bots in AutoIt these days, because it simply automates stuff for them, i.e. press UP, UP, click mouse at coordinates X,Y, press enter, ... The drawback of this is that AutoIt cannot read values from RAM, cuz it's a simple macro tool (it can check pixel colors and so on, but nothing more).

True bots don't need to change character or game properties, they simply emulate 'human' action.

As an example, I'm learning more about bot programming myself, by making one for the game nethack (nonmultiplayer). My bot can do basic pathfinding, kill monsters and even run away when a monster is too strong. (I can hack the game values, but that wouldn't teach me anything).

So try and find a value (like health) and make something happen when it drops below a certain point... like send a keystroke..

Even if you could change the value of health in your client, chances that the server value would change are pretty much NIL. (unless you play very badly coded games :-)

sorry about the rant :p
- No thanks, I already have a penguin -
mezzo
El Mariachi
 
Posts: 739
Joined: Mon Apr 30, 2007 10:27 pm
Location: Antwerp

Postby Iwillkillyou » Mon Aug 13, 2007 10:24 am

Hey mezzo & Spiro, thanks for your replies! I've been checking it out some more, and apparently the game doesn't encrypt any calls. I was able to log my chat and re-send it with WPE Pro. However, I try to do the same thing with items, but it doesn't work either!
Mezzo: I was thinking of doing something like that, but I wasn't sure how hard it would be. I would have to try that out though :). How exactly do you find your coordinates without the mem value? I'm sure there is an easier way! Thanks a bunch :)

P.S.: Right now I'm working on a pixel finder, so I can find pixels that match monsters. Everything seems to be going fine so far, except that I haven't found the value for the health heh. I'll do that right now! :)
Iwillkillyou
I Have A Few Questions
 
Posts: 5
Joined: Sat Jun 16, 2007 1:52 pm

Postby mezzo » Tue Aug 14, 2007 7:35 pm

You do need to find the player coordinates in memory... OR, you could try grabbing the packets and looking for the location in there.

Most RPGs have some sort of 'home-made' protocol to send data to the client.
A very simplified example would be a packet payload of, say, {E3, xxxxxxxx,yyyyyyyy,zzzzzzzz}, where the E3 states it's a 'location' packet and all the bytes behind it are the coordinates.. (this is VERY simplified, don't expect it to be that easy).

So if you have a little experience in packet grabbing and protocol dissecting, you could place your char in a location, log out, start grabbing packets, log in, stop grabbing packets. Save this packet trace as trace 1. Log out again and repeat... save as packet trace 2. Compare packet trace 1 and 2. In those traces, the server will have told your client where on the map your character is. If you spawned at exactly the same place in both traces, somewhere in the packet grabs should be the same 3 values twice.
Three because player location data is always sent in triplets (i.e. a point in 3D space is always described by an X, Y and Z coordinate).

I hope one day L.Spiro will 'borrow' some code from wireshark and implement packet sniffing features in MHS. That combined with the searching features in MHS would leave all other 'game tools' far behind.

*Shameless wink at L.Spiro* ;-)

(should you start grabbing packets, log out in a location that has minimal moving objects; a private guildhall would be best)

(EDIT: that chat session you logged may be clear text, but other packets could be encrypted; you should check with MHS, OllyDbg and Process Explorer whether the executable loads any encryption DLLs)

(EDIT2: a good indication of encryption is if you see your login credentials in the packet grabs, chances are quite good that no encryption is used)

(EDIT3: another possible means of finding out stuff is to log calls to Winsock or any other calls that send packets. Try to see the conversation between your client and the server when you press an arrow key in game. Your client should send a 'movement' packet and the server should send an 'ok, client please redraw your screen' packet. Try resending the 'movement' packet with WPE Pro (once you have found it).)

so many possibilities :-)
- No thanks, I already have a penguin -
mezzo
El Mariachi
 
Posts: 739
Joined: Mon Apr 30, 2007 10:27 pm
Location: Antwerp

Postby Iwillkillyou » Thu Aug 16, 2007 4:54 am

Hey mezzo, thanks for your reply! Luckily, in my game you can find your coordinates by just doing /coords. It's pretty easy. However, I've tried searching for these coordinates using WPE and T-Search, but they're not there at all. I haven't been able to find the value anywhere. Any suggestions?
Iwillkillyou
I Have A Few Questions
 
Posts: 5
Joined: Sat Jun 16, 2007 1:52 pm

Postby Sorn » Sun Aug 19, 2007 6:31 am

Look for the values as Float and not exact value, because a lot of games use a floating value. Say your game says you're at X: 3.31 Y: 1.51, but the actual values could be X: 3.3000011114564 Y: 1.5023113456465. Hope that helps. It takes me about 10-15 rescans to find it, hope that helps.
Sorn
I Have A Few Questions
 
Posts: 8
Joined: Sun Aug 19, 2007 6:28 am
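The trace-comparison procedure mezzo describes above and Sorn's point about rounded on-screen floats, worked through as an added example that is not code from any poster in this thread. The 0xE3 location tag is the hypothetical format from mezzo's post, both traces are constructed rather than captured, and `find_float_near` stands in for a memory scanner's approximate-float search.

```python
import struct
from typing import List, Tuple

Triplet = Tuple[float, float, float]

LOCATION_TAG = 0xE3  # hypothetical tag from the post; a real client's protocol will differ

# Constructed traces (not captured from any game): a one-byte tag, then the payload.
# The same spawn point appears in both traces, surrounded by unrelated packets.
SPAWN = struct.pack("<3f", 3.3000011, 1.5023113, 12.0)
TRACE1 = [b"\x10hello",
          bytes([LOCATION_TAG]) + SPAWN,
          b"\x21" + struct.pack("<I", 100)]
TRACE2 = [b"\x21" + struct.pack("<I", 250),
          bytes([LOCATION_TAG]) + SPAWN,
          bytes([LOCATION_TAG]) + struct.pack("<3f", 50.0, 60.0, 70.0)]  # some other entity


def location_triplets(trace: List[bytes]) -> List[Triplet]:
    """Pull (x, y, z) out of every packet tagged as a location update."""
    out = []
    for pkt in trace:
        if pkt and pkt[0] == LOCATION_TAG and len(pkt) == 1 + 12:
            out.append(struct.unpack_from("<3f", pkt, 1))
    return out


def common_triplets(t1: List[bytes], t2: List[bytes], tol: float = 1e-3) -> List[Triplet]:
    """Triplets present in both traces: the candidates for 'where my character spawned'."""
    def close(a: Triplet, b: Triplet) -> bool:
        return all(abs(x - y) <= tol for x, y in zip(a, b))
    found: List[Triplet] = []
    for a in location_triplets(t1):
        if any(close(a, b) for b in location_triplets(t2)) and not any(close(a, f) for f in found):
            found.append(a)
    return found


def find_float_near(buf: bytes, shown: float, tol: float) -> List[int]:
    """Byte offsets where a little-endian float32 lies within tol of the displayed value.
    tol=0 is an 'exact' search and misses a coordinate the game rounded for display."""
    hits = []
    for off in range(len(buf) - 3):
        (v,) = struct.unpack_from("<f", buf, off)
        if abs(v - shown) <= tol:  # comparisons against NaN are False, so garbage is skipped
            hits.append(off)
    return hits


if __name__ == "__main__":
    print(common_triplets(TRACE1, TRACE2))
    blob = b"".join(TRACE1)
    print(find_float_near(blob, 3.31, tol=0.0), find_float_near(blob, 3.31, tol=0.02))
```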

Postby mezzo » Mon Aug 20, 2007 4:12 pm

.. what Sorn said.

Also, what do you think the coordinates that you get on screen represent?
To what are they relative? Can they be negative? Is it possible to be on exactly the same coordinates but in a different 'room'?

Most likely the game uses other coordinates and parses those to give players 'relative' coordinates. It could of course be that they use the ones you see on screen, but I doubt it.

(you could always try to pull the game's executable through IDA Pro and see if you can find the code that prints the coordinates and from there try to find where it got those.. OllyDbg with loads of plugins would work too. Or even MHS, but I'm not that good with the internal debugger yet, so I couldn't say.)
- No thanks, I already have a penguin -
mezzo
El Mariachi
 
Posts: 739
Joined: Mon Apr 30, 2007 10:27 pm
Location: Antwerp
