Help with byte patterns in C++


Postby CoMPMStR » Thu Jul 14, 2011 2:49 am

Wassup peoples,

I'm in need of some assistance and Google isn't being a very good friend right now. I'm working on an aimbot for a game, but that's not what I need help with. The problem I'm having is that the offsets have changed and one in particular is now being located in a dynamic part of memory (i.e. it changes each time the game is restarted). I followed some tutorials and decided to reverse the address location on my own.

Code:
004C4E0A   |.  68 00201000                  PUSH    102000  ;array size
004C4E0F   |.  81C1 20006C0B                ADD     ECX, 0B6C0020 ;array location


The address I need from this is 0B6C0020 but remember that it won't be the same next time around. With this location handy, 4C4E0A, and the byte pattern \x68\x00\x20\x10\x00\x81\xC1, I figured obtaining the right value would be easy; and it is to an extent. I found a method to locate byte patterns, and it works great. This will return the location directly after the given byte pattern, or -1 if it's not found, which is exactly where I need it to be in this situation.

Code:
#include <cstring>

// Scans [start_offset, start_offset + size) for 'pattern'; a '?' in 'mask'
// makes the corresponding byte a wildcard. Returns the address directly after
// the matched bytes, or -1 if the pattern is not found.
int FindPattern(int start_offset, int size, const char * pattern, const char * mask)
{
   int length = (int)strlen(mask); // use the mask: the pattern itself may contain 0x00

   for (int retAddress = start_offset; retAddress + length <= start_offset + size; retAddress++)
   {
      int pos = 0;
      // Compare the whole candidate window from this start address. Restarting
      // 'pos' per start address (instead of only resetting it on a mismatch)
      // means a failed partial match cannot skip over a real match that begins
      // inside it.
      while (pos < length &&
             (mask[pos] == '?' || *(const char*)(retAddress + pos) == pattern[pos]))
         pos++;

      if (pos == length)
         return retAddress + length;
   }

   return -1;
}


The problem now is that this method returns the address, 4C4E11, not the value I need. It seemed like an easy fix: I cast it to an int *, which now returns the correct value, or so it seems.

Code:
int *centity_addy = (int*)FindPattern(0x004C4000, 0x1000, "\x68\x00\x20\x10\x00\x81\xC1", "xxxxxxx");


Now that I have the correct address I need in *centity_addy, I then test to see if it is in fact the correct value.

Code:
char entityaddy[32];
sprintf(entityaddy, "Entity Address: %x", *centity_addy);
//Print entityaddy to screen


When I load the game, the screen displays, to my surprise, the correct value. Excellent; now, from what I can tell, all I need to do is implement it by replacing the old static address with *centity_addy.

Code:
centity_t * cg_entities = (centity_t*) 0x8F7A78;  //old declaration
-TO-
centity_t * cg_entities = (centity_t*) *centity_addy; //what i tried


With the way things have turned out so far this should work perfectly, but it doesn't and I don't understand why. This is where I need help: how can I take the value from *centity_addy and use it the same way the previous static address was used? Is it possible this way, or is there another, possibly better, way? Any help is, as always, greatly appreciated.

______________________________________________________
My Utilities:
CT <-> LSSAVE Converter
LSS Visual Dialog Designer
.NET Trainer Helper Library

~Whether you think you can or you think you can't, you're right.

L. Spiro wrote: In my left hand is a red pill. If you take it I will show you the truth. I lost my right hand in the war, so I’m afraid you’re stuck with the red pill.
CoMPMStR
(P)ot (I)n (M)y (P)ipe
 
Posts: 451
Joined: Thu Mar 06, 2008 7:50 am
Location: Best Place
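The masked byte-signature scan in the post is the same primitive that memory-signature detection tooling uses to locate a known code sequence, and the posted FindPattern has an edge case worth seeing: it only resets its position on a mismatch and never re-examines the byte it failed on, so a match that begins inside a failed partial match is walked past. The block below is an added example written for this thread, not code from the post or the project it describes. It scans a constructed byte buffer (the two instructions quoted above, preceded by a 3-byte decoy fragment of the same signature), compares the single-pass logic with a scan that retries every start offset, and then reads the little-endian 32-bit immediate that follows the signature. All function names (FindPatternInBuffer, FindPatternSinglePass, ReadLE32, SampleCode, ScanSampleExact, ExtractAddImmediate) are this example's own.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

// Masked byte-signature scan over a buffer (added example; names are this
// example's own, not the thread's). 'x' in mask = byte must match, '?' = wildcard.
// Returns the offset of the first byte after the match, or -1 if not found.
// Every start offset is tried in full, so a failed partial match can never
// skip over a real match that begins inside it.
long FindPatternInBuffer(const std::vector<unsigned char>& buf,
                         const unsigned char* pattern, const char* mask)
{
    size_t len = std::strlen(mask); // mask length, not strlen(pattern): the pattern may contain 0x00
    if (len == 0 || buf.size() < len) return -1;
    for (size_t start = 0; start + len <= buf.size(); ++start) {
        size_t pos = 0;
        while (pos < len && (mask[pos] == '?' || buf[start + pos] == pattern[pos]))
            ++pos;
        if (pos == len) return (long)(start + len);
    }
    return -1;
}

// The single-pass logic from the thread, ported to a buffer: 'pos' is only reset
// on a mismatch and the mismatching byte is not re-examined as a new start.
long FindPatternSinglePass(const std::vector<unsigned char>& buf,
                           const unsigned char* pattern, const char* mask)
{
    size_t pos = 0;
    for (size_t i = 0; i < buf.size(); ++i) {
        if (mask[pos] == '?' || buf[i] == pattern[pos]) {
            if (mask[pos + 1] == '\0') return (long)(i + 1);
            ++pos;
        } else {
            pos = 0;
        }
    }
    return -1;
}

// Little-endian 32-bit read with a bounds check (x86 immediates are stored LE).
bool ReadLE32(const std::vector<unsigned char>& buf, size_t offset, uint32_t* out)
{
    if (offset + 4 > buf.size()) return false;
    *out = (uint32_t)buf[offset] | ((uint32_t)buf[offset + 1] << 8) |
           ((uint32_t)buf[offset + 2] << 16) | ((uint32_t)buf[offset + 3] << 24);
    return true;
}

// Constructed sample (not real game memory): the two instructions quoted in the
// post, preceded by a 3-byte fragment of the same signature. A scan that does
// not re-examine the byte it failed on walks straight past the real match.
std::vector<unsigned char> SampleCode()
{
    return {
        0x90,                                   // filler
        0x68, 0x00, 0x20,                       // decoy: first 3 signature bytes, then cut off
        0x68, 0x00, 0x20, 0x10, 0x00,           // PUSH 0x102000
        0x81, 0xC1, 0x20, 0x00, 0x6C, 0x0B,     // ADD ECX, 0x0B6C0020 (imm32, little-endian)
        0xC3                                    // RET
    };
}

// Scans the sample with the exact 7-byte signature using either scanner.
// Expected: full scan -> 11 (offset just past "81 C1"), single-pass -> -1.
long ScanSampleExact(bool singlePass)
{
    static const unsigned char sig[] = {0x68, 0x00, 0x20, 0x10, 0x00, 0x81, 0xC1};
    std::vector<unsigned char> code = SampleCode();
    return singlePass ? FindPatternSinglePass(code, sig, "xxxxxxx")
                      : FindPatternInBuffer(code, sig, "xxxxxxx");
}

// Locates the ADD via a wildcarded signature (the PUSH immediate is ignored)
// and returns its 32-bit immediate operand, or 0 if the signature or read fails.
uint32_t ExtractAddImmediate(const std::vector<unsigned char>& code)
{
    static const unsigned char sig[] = {0x68, 0, 0, 0, 0, 0x81, 0xC1};
    long after = FindPatternInBuffer(code, sig, "x????xx");
    if (after < 0) return 0;
    uint32_t imm = 0;
    if (!ReadLE32(code, (size_t)after, &imm)) return 0;
    return imm;
}

int main()
{
    std::printf("full scan: %ld, single-pass: %ld\n", ScanSampleExact(false), ScanSampleExact(true));
    std::printf("ADD immediate: 0x%08X\n", ExtractAddImmediate(SampleCode()));
    return 0;
}
```

Two points carry over to any signature scanner: take the length from the mask, never from strlen on the pattern (the pattern in the post contains 0x00 bytes and would be cut short), and bounds-check the read of whatever follows the signature, since a match at the very end of the scanned region leaves fewer than four bytes to read.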

Re: Help with byte patterns in C++

Postby CoMPMStR » Fri Jul 15, 2011 2:12 am

Never mind about the problem, it wasn't anything with my code. It's due to the game's anti-cheat mechanism. It seems they relocate the address more than just on restart, so with some modifications I got it to work. Instead of initializing it in the global declarations, I decided to set it on EndScene (i.e. each frame), using ReadProcessMemory. This way the value would never be incorrect or out of date.

Code:
#include <windows.h>

HANDLE mw2aiw = GetCurrentProcess();
centity_t * cg_entities; // = (centity_t*) 0x8F7A78;
int centity_addy = -1;

// Re-resolves cg_entities from the instruction's immediate operand on each
// call; returns false if the pattern is not found or the read fails.
bool ReadValues()
{
   int tmppat = FindPattern(0x004C4000, 0x2000, "\x68\x00\x20\x10\x00\x81\xC1", "xxxxxxx");
   if (tmppat == -1) { return false; }
   if (!ReadProcessMemory(mw2aiw, (PVOID)tmppat, &centity_addy, 4, NULL)) { return false; }
   if (centity_addy == -1) { return false; }
   cg_entities = (centity_t*) centity_addy;
   return true;
}


I just simply call ReadValues() in EndScene, before any of the hacks are used, and cg_entities will always be valid. :D

Re: Help with byte patterns in C++

Postby L. Spiro » Sun Jul 17, 2011 10:23 am

For what game are you trying to write an auto-aim?

Sometime soon I plan to write the most detailed article on bot aiming AI that has ever been written.
It will explain how to handle lasers, real-time missiles, arching grenades, alien wave guns, bounces off walls, and full target look-ahead including taking into account the target’s velocity and acceleration, how it will hit walls/floors, etc.

Its purpose is to provide the ultimate reference for game programmers on how to make their bots aim at targets with any kind of gun (regardless of what type of motion it takes during flight), but an intelligent person can modify the algorithm to also account for ping and make an auto-aim. This is not my goal but I know it will happen.


L. Spiro
Our songs remind you of songs you’ve never heard.
L. Spiro
Posts: 3129
Joined: Mon Jul 17, 2006 10:14 pm
Location: Tokyo, Japan

Re: Help with byte patterns in C++

Postby CoMPMStR » Mon Jul 18, 2011 7:01 am

Well, I'm not actually writing it from scratch; it has already been written by some kind members over at another forum. I just had to modify it to work for the version I'm using. The game is COD:MW2, the non-Steam edition.

It sucks though, because now that I have everything working, it just randomly crashes while playing. I don't know if it's due to my (bad?) coding, or if it's another one of their anti-cheat measures to prevent hacks. I believe it's the latter, because I can use my wallhack (chams) or anything else that requires DirectX, but if I use anything that reads the game's structs, that's when the random crashes occur. It really sucks, but I'm at a loss. I've already tried everything that comes to mind, and I don't know how to find the problem.

I would love to have something like that article at my disposal, especially if it will be as detailed as you say. I've always had trouble when it comes to coding AI for a game; that's why I haven't created a fully functional game yet. I started to make some games in the past that are very incomplete; I wouldn't even call them demos. Eventually, I end up getting to the point where I need help and everyone says "Read <insert_book_here>". The problem is that I don't understand most of those books, and they just leave me with more questions that go unanswered.

Maybe that's why I stick to hacking games. Yeah, I can see your article being used for evil. :D Regardless of the reason you give something to the public, they will find their own use for it.

Re: Help with byte patterns in C++

Postby L. Spiro » Mon Jul 18, 2011 7:37 pm

Sounds as though it will be a fairly cheesy auto-aim that works only on low pings.


The topic of AI has been coming up a lot lately around me.
Last week my colleagues all gave the same reaction when told individually that AI is my specialty. "Really??"
They even seemed shocked at Square Enix when they learned that during the interview. I just realized that I never talk about AI and have no works to demonstrate my abilities in AI (it isn't mentioned at all in my resume), so no one knows that is the subject I do best in programming. Funny. They all thought my specialty was graphics programming.


I plan to write a book about AI later but starting with a few articles on the subject. I plan to be very thorough and cover things that have never been documented before.



Re: Help with byte patterns in C++

Postby CoMPMStR » Tue Jul 19, 2011 2:04 pm

You're probably right, there's nothing in the source to detect ping. But seeing as my ping is usually <70 and never >100, it works fine for me. There was a public version a few months ago that everyone was using, and I've never heard any people complaining about it being inaccurate.

I actually thought your specialty was coding C++, regardless of whether it's graphics, game engines, hacking, or otherwise. I've never seen a post where someone asked you a question about coding that you couldn't answer.
