Hacking DotA Heroes: Utilizing Group Search... (pictures)

Re: Hacking DotA Heroes: Utilizing Group Search... (pictures)

Postby misforos » Fri Dec 04, 2009 3:00 am

I am using a translator; my English is not good.
I hope you understand me.
I was trying various ways to circumvent that causes it to disconnect and sort the packets sent during the game, I saw no one in particular that do I disconnect.
I've seen the behavior of other programs like VCK, used to drive out other players when you host this program will not send any package, but being a customer, then banished him to me, nor sent any package, as my conclusion that the safety which produces the disconnect is in memory and is not characteristic of the host.

I watched the memory addresses, and find addresses that access to such experience, and when you increase level, it activates another address that accesses this address, I have stuck, and not to keep doing, I'm new at this and makes me hard.
Do you think I'm on track?

Thanks
misforos
I Have A Question
 
Posts: 1
Joined: Thu Dec 03, 2009 7:47 am

Re: Hacking DotA Heroes: Utilizing Group Search... (pictures)

Postby WhiteHat » Thu Dec 31, 2009 6:14 pm

It’s quite late but:

misforos wrote:I was trying various ways to circumvent that causes it to disconnect and sort the packets sent during the game, I saw no one in particular that do I disconnect.
I've seen the behavior of other programs like VCK, used to drive out other players when you host this program will not send any package, but being a customer, then banished him to me, nor sent any package, as my conclusion that the safety which produces the disconnect is in memory and is not characteristic of the host.

I’m not familiar with packet editing and things that have anything to do with it, and I’m not sure I fully understand your post... But even if someone manages to do so (reject any client from disconnection), then what about the sync issues? If I hack my hero’s coordinates to certain points while the other players don’t think I am able to do that, how would the game continue?

misforos wrote:I watched the memory addresses, and find addresses that access to such experience, and when you increase level, it activates another address that accesses this address, I have stuck, and not to keep doing, I'm new at this and makes me hard.
Do you think I'm on track?

If it is about Auto-Hacking with MHS, you can read this:
DOTA Players’ Gold: Complex Address
.. to boldly go where no eagle has gone before...
WhiteHat
Elang Djawa
 
Posts: 1059
Joined: Fri Jul 21, 2006 12:49 pm
Location: Away for a while...

Re: Hacking DotA Heroes: Utilizing Group Search... (pictures)

Postby welcomeback » Fri Jan 01, 2010 5:16 pm

only can use single player if u play team u got dc xD
welcomeback
NULL
 
Posts: 102
Joined: Sun Nov 02, 2008 12:03 pm
Location: At Home U Watch PorN

Re: Hacking DotA Heroes: Utilizing Group Search... (pictures)

Postby WhiteHat » Sun Jan 03, 2010 11:30 am

Yes. In fact, this tut is about Utilizing Group Search and some hex editing stuff using MHS. I had no intention to aim to hack multiplayer games...

I just don’t do multiplayer hacks that much. It could lead to ‘troubles’...
WhiteHat
Elang Djawa
 
Posts: 1059
Joined: Fri Jul 21, 2006 12:49 pm
Location: Away for a while...

Re: Hacking DotA Heroes: Utilizing Group Search... (pictures)

Postby chilipalmer » Tue Jan 19, 2010 9:07 pm

Can we lock cooldowns of magics via MHS? I tried a cooldown search with the byte option and found value 0 while the cooldown was refreshed. But after I had locked this value, the game closed itself.
chilipalmer
I Have A Few Questions
 
Posts: 8
Joined: Tue Jan 19, 2010 8:59 pm

Re: Hacking DotA Heroes: Utilizing Group Search... (pictures)

Postby WhiteHat » Wed Jan 20, 2010 10:45 am

Yes, we can... Though it is not easy.

The address you found was the wrong one. I did this a while ago, and here’s how the real value works (it’s not the timer but the ‘flag’):
Code:
        16 = 0x00000010 --> Skill is available
       528 = 0x00000210 --> Skill is cooling down
     38933 = 0x00009815 --> Skill is being casted
1073779221 = 0x40009215 --> Hero is channeling skill


Let’s say in DOTA AllStars, the hero is Ezalor (Keeper of The Light) and the skill is Illuminate:
- When Illuminate is available, the value equals 16.
- When Illuminate is being cast, the value changes to 38933 (for milliseconds).
- Ezalor is allowed to channel this skill. Upon channeling, the value changes to 1073779221.
- At the end of the skill (Illuminate fired), the value changes to 528.
- The cooldown timer is reset, and the value changes back to 16.


In short, to make one skill available, we have to change its flag value to 16, but only if its previous value = 528. We cannot merely lock this value address to 16 all the time, because our hero won’t be able to cast anything.

I am still unable to grab the logic of it since, in my understanding, it is heavily ‘encrypted’. Here are some codes that access the Skill Availability Flag value:
Code:
and     dword ptr [esi+20], FFFFFDFF
and     dword ptr [esi+20], BFFFFFFB
and     dword ptr [esi+20], FFFA7FFF
and     dword ptr [esi+20], FFFBFFFF

We can see that thing is a bit complicated...
WhiteHat
Elang Djawa
 
Posts: 1059
Joined: Fri Jul 21, 2006 12:49 pm
Location: Away for a while...
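
Reading the four flag values and the four `and` masks quoted in the post above as bit fields, as an added example (not code from the thread or from MHS). The helper names are hypothetical and the bit-level reading is an inference from the quoted numbers only.

```python
# Added example: the state names and all constants are copied from the post;
# treating the value as a bit field is an assumption made for illustration.
STATES = {
    "available":    0x00000010,   # 16
    "cooling down": 0x00000210,   # 528
    "being cast":   0x00009815,   # 38933
    "channeling":   0x40009215,   # 1073779221
}
AND_MASKS = [0xFFFFFDFF, 0xBFFFFFFB, 0xFFFA7FFF, 0xFFFBFFFF]


def set_bits(value):
    """Bit positions (0 = least significant) that are 1 in a 32-bit value."""
    return [b for b in range(32) if value >> b & 1]


def cleared_by(mask):
    """Bit positions that `and dword ptr [esi+20], mask` forces to 0."""
    return set_bits(~mask & 0xFFFFFFFF)


def transitions(states, masks):
    """(from_state, mask, to_state) for every mask that maps one listed state to another."""
    by_value = {v: k for k, v in states.items()}
    found = []
    for name, value in states.items():
        for mask in masks:
            result = value & mask
            if result != value and result in by_value:
                found.append((name, mask, by_value[result]))
    return found


if __name__ == "__main__":
    for name, value in STATES.items():
        print(f"{name:13s} 0x{value:08X} bits {set_bits(value)}")
    for mask in AND_MASKS:
        print(f"and 0x{mask:08X} clears bits {cleared_by(mask)}")
    for src, mask, dst in transitions(STATES, AND_MASKS):
        print(f"{src} --and 0x{mask:08X}--> {dst}")
```

Of the four masks, only FFFFFDFF maps one listed state onto another: it clears bit 9 (0x200), which is exactly the difference between 528 and 16.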

Re: Hacking DotA Heroes: Utilizing Group Search... (pictures)

Postby chilipalmer » Thu Jan 21, 2010 6:15 pm

thank you.
chilipalmer
I Have A Few Questions
 
Posts: 8
Joined: Tue Jan 19, 2010 8:59 pm

Re: Hacking DotA Heroes: Utilizing Group Search... (pictures)

Postby WhiteHat » Fri Jan 22, 2010 12:18 am

It’s nothing... Anyway, I don’t believe that those values in my post are all that is available in WC3...
WhiteHat
Elang Djawa
 
Posts: 1059
Joined: Fri Jul 21, 2006 12:49 pm
Location: Away for a while...

Re: Hacking DotA Heroes: Utilizing Group Search... (pictures)

Postby chilipalmer » Fri Jan 22, 2010 12:52 am

I also tried to change heart stopper aura's value of necromencer. But I found that the parameters were just levels of the power. I couldn't find per cent of the aura. I think they are constants so we can not find them with changing parameters. You may know how to find that ability level's root and where it is connected. Thank you for your interest.
chilipalmer
I Have A Few Questions
 
Posts: 8
Joined: Tue Jan 19, 2010 8:59 pm

Re: Hacking DotA Heroes: Utilizing Group Search... (pictures)

Postby WhiteHat » Sun Jan 24, 2010 7:10 am

Necrolyte’s HeartStopper is a passive skill, whose ‘Availability Flag Value’ is impossible to find using basic searching. So I used Rhasta instead for my experiment about hacking skill, and I can tell you it turned out really well. Take a look at these two screenshots:

A battle between sentinel and scourge creeps around a scourge middle guard tower.
Image

Just 3 seconds later, 100 (one hundred) of Rhasta’s Serpent Wards were summoned! (go ahead, count them if you please)
Image

(...pardon me of the picture size...)

With a close look at the 2nd screenshot, we can see that I summoned those 1000 serpent wards far away from the battle location, that is the sentinel base!

So, basically, what I did was:
- Modifying the number of summoned units (normally, without a scepter, Rhasta can only summon 8 Serpent Wards at once). It is a float value.
- Modifying the maximum range of summoning (normally, Rhasta can only summon serpent wards as far as about his attack range). It is a float value.

But that was not all. I can tell you that at the same time I also modified the Skill’s Cool-down Time (float) and Mana Cost (Unsigned Long), giving me the choice to fill the entire map with Serpent Wards at no cost of mana (take a close look at the 2nd screenshot. My hero did not lose any mana at all).

And this is how I did it:
1. Obtained the address of Skill Availability Flag.
2. Studied values around it via MHS Hex Editor. I found at least 2 super important pointers (I’m writing another tutorial for this soon).
3. I followed one of those pointers, and it led me to the address of something like skill structures.
4. I studied the values via Hex Editor, and found those values which were then put inside my MHS Main List (table).

Their structure was quite clear, so that we can build Complex Addresses for each of the skill parameters.

Still, this hack most likely will not work in multi-player mode.


chilipalmer wrote:I also tried to change heart stopper aura's value of necromencer. But I found that the parameters were just levels of the power.

I’m interested and curious about what kind of values you’ve found. Would you elaborate more ?

chilipalmer wrote:I couldn't find per cent of the aura. I think they are constants so we can not find them with changing parameters.

From my experiment above, the values I modified are all constants that act as reference values when we use the skill. Still, nothing prevents us from hacking them once we have found their address. So, regarding your interest in Necrolyte’s Heartstopper, I’m pretty sure that there are some ways to hack its parameters. We just need to figure out how the values work.

chilipalmer wrote:You may know how to find that ability level's root and where it is connected.

And that is what my reply here is all about...

It was my first time hacking a skill and it was real fun. I have never done that before... Thanks to you, I feel ‘motivated’ to do so... ^^
WhiteHat
Elang Djawa
 
Posts: 1059
Joined: Fri Jul 21, 2006 12:49 pm
Location: Away for a while...

Re: Hacking DotA Heroes: Utilizing Group Search... (pictures)

Postby chilipalmer » Sun Jan 24, 2010 4:38 pm

Thank you. If rashta's abilities can be changed, every ability can be changed, I think. So I tried to find heart stopper aura's level parameter in hex editor, and in hex editor I looked for any value (range, effect) over about 3-4 pages but didn't find any. Is there a way to search in hex editor for every type of value for ordered values and ordered pages?
chilipalmer
I Have A Few Questions
 
Posts: 8
Joined: Tue Jan 19, 2010 8:59 pm

Re: Hacking DotA Heroes: Utilizing Group Search... (pictures)

Postby WhiteHat » Mon Jan 25, 2010 7:06 am

chilipalmer wrote:Thank you. If rashta's abilities can be changed, every ability can be changed, I think.

Most likely, I believe so...


chilipalmer wrote:So I tried to find heart stopper aura's level parameter in hex editor, and in hex editor I looked for any value (range, effect) over about 3-4 pages but didn't find any.

Please help me to understand these:
- How did you manage to find the address of this HeartStopper aura?
- And which pages have you studied? At what address did it start?


chilipalmer wrote:Is there a way to search in hex editor for every type of value for ordered values and ordered pages?

Would you please elaborate more? I don’t understand what you mean by ‘ordered values’ and ‘ordered pages’.
WhiteHat
Elang Djawa
 
Posts: 1059
Joined: Fri Jul 21, 2006 12:49 pm
Location: Away for a while...

Re: Hacking DotA Heroes: Utilizing Group Search... (pictures)

Postby chilipalmer » Tue Feb 02, 2010 12:07 am

Sorry, I couldn't explain my question clearly. The issue is:
I searched long data type for "heartstopper aura"'s skill for every level. (While the skill wasn't picked the value was "0", in level 1 the value was 1, etc.) I looked at this parameter in hex editor to find connected parameters like the aura's area, per cent of health taking, etc. But I couldn't find any parameter for 4-5 pages of hex editor.

How can I find the parameters connected with the aura's level parameter? Thank you.
chilipalmer
I Have A Few Questions
 
Posts: 8
Joined: Tue Jan 19, 2010 8:59 pm

Re: Hacking DotA Heroes: Utilizing Group Search... (pictures)

Postby WhiteHat » Wed Feb 03, 2010 10:50 am

chilipalmer wrote:I searched long data type for "heartstopper aura"'s skill for every level. (While the skill wasn't picked the value was "0", in level 1 the value was 1, etc.) I looked at this parameter in hex editor to find connected parameters like the aura's area, per cent of health taking, etc. But I couldn't find any parameter for 4-5 pages of hex editor.

Unfortunately, the value you’ve found is unusable. I’ve tried it myself and found that even the only address matched with this kind of search got changed after a few minutes of playing so that it differed from the skill level, which made me conclude it was a useless address, let alone studying the hex values around this address...


chilipalmer wrote:How can I find the parameters connected with the aura's level parameter? Thank you.

Among many possible ways, one is to find the address of SAF (Skill Availability Flag), like the one I posted earlier. There is a ‘door’ around this address that will lead us to these parameters of the corresponding skill.

I’ve prepared a short tutorial for this, and will post it as soon as possible (less than 24 hours)...
WhiteHat
Elang Djawa
 
Posts: 1059
Joined: Fri Jul 21, 2006 12:49 pm
Location: Away for a while...

Re: Hacking DotA Heroes: Utilizing Group Search... (pictures)

Postby WhiteHat » Thu Feb 04, 2010 8:18 am

Let’s put aside Necrolyte’s Heart Stopper for now since it is a passive skill, which there is no way for us to activate. We need active skills for our experiment, and my suggestion is Rhasta’s Serpent Wards.

Among many methods that may be available, we are going to use the Skill’s Availability Flag (SAF) of Serpent Ward as a starting point.

1. Start DOTA (AI) in Single Player mode and leave the rest of the player slots Open. This will give us freedom to level up our hero later.
2. Pick Rhasta, the Shadow Shaman. Immediately, type this command: “-levelup 25”. Rhasta should now attain max level.
3. We’re going to hack the Serpent Ward skill, so we had better have some details about this skill. I have the needed screenshot here:
Image
We know that the cool-down time of every level of Serpent Wards is 100 seconds. Also, I’ve noted the Mana Cost for this skill per level: Lv.1:200/Lv.2:350/Lv.3:600
4. Take all of Rhasta’s available skills.
5. With MHS attached to wc3.exe, start a Data-Type Search for Exact Value 16 (Unsigned Long). Thousands of initial found addresses come up.
6. Back in DOTA, summon Serpent Wards (should be skill level 3).
7. Wait about 1 second, and switch back to MHS to perform a Sub Search for Exact Value 528. Only one address should come up.
8. Double click the address to add it into the MHS Main List (table).
9. My found address is at 0x060D0D3C. Yours should be different.

Now we already have the address of Serpent Ward’s SAF, and we’re about to inspect its parameters (Mana Cost, Area of Effect, etc.)

1. In MHS Expression Evaluator, put this expression: [(your Serpent Ward’s SAF address)+0x34]
2. My SAF address is 0x060D0D3C, so in Expression Evaluator it is something like this:
Image

3. Copy the hex number in the Result Text Box. In this case, my result is 0xF24A574 (see above screenshot).
4. Follow the values in MHS Hex Editor by entering it in the Navigator Text Box like this:
Image

5. I can tell you that we are already in Rhasta’s Serpent Ward Skill ‘structure’!

To make things much more understandable, we need to change the ‘look’ of this Hex Editor to suit our needs.

1. Go to Hex Editor Menu > View > Base Option, and change the Current Layer > Data type to FLOAT. Like this:
Image

2. Our Hex Editor should look quite a mess by now, but this is normal. We just need to adjust the Data Area cell width by right-clicking on either the Hex Area or the Data Area of MHS Hex Editor, and selecting Set Cell Widths.
Image

3. A pop-up menu comes up. Set Cell Width to 4, like below:
Image

4. The ‘new look’ of Hex Editor around Rhasta’s Serpent Wards Skill ‘structure’:
Image

We can now easily perform some ‘eye-scanning’ of the values and match them with our data. And here is my interpretation:
Image

Hope you can understand that... ^^
- I’ve marked the addresses of the cool down timer (110) for every level.
- Also marked the mana cost for each level. Their data-types are Unsigned Long.

The blocks for each level show the range of bytes that correspond to each level of Serpent Wards. You can see that the mana cost of each level resides in its own block. And so with the cool down timer (110), range (550), and the quantity of summoned wards (8).

At this point, we can modify any values to obtain certain effects.

That’s how we hack Rhasta’s Serpent Wards skill. With a similar method, we can hack other Heroes’ skills. Please keep in mind that there should be important values other than the ones I’ve pointed out...
WhiteHat
Elang Djawa
 
Posts: 1059
Joined: Fri Jul 21, 2006 12:49 pm
Location: Away for a while...
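
The search, sub search, pointer-follow and 4-byte cell view from the tutorial post above, replayed offline on a constructed byte buffer (an added example, not code from the thread or from MHS). BASE, the buffer layout and the field order of the record are assumptions; only the values 16, 528, +0x34, 600, 110, 550 and 8 come from the post.

```python
import struct

BASE = 0x1000  # constructed base address of the sample buffer (assumption)


def read_u32(mem, addr):
    return struct.unpack_from("<I", mem, addr - BASE)[0]


def exact_search(mem, value):
    """Data-type search: every 4-byte-aligned address holding `value`."""
    return [BASE + off for off in range(0, len(mem) - 3, 4)
            if struct.unpack_from("<I", mem, off)[0] == value]


def sub_search(mem, candidates, value):
    """Sub search: keep only earlier hits that now hold `value`."""
    return [a for a in candidates if read_u32(mem, a) == value]


def cells(mem, addr, count):
    """View `count` 4-byte cells as (unsigned long, float) pairs."""
    out = []
    for i in range(count):
        off = addr - BASE + 4 * i
        out.append((struct.unpack_from("<I", mem, off)[0],
                    struct.unpack_from("<f", mem, off)[0]))
    return out


def build_snapshot(flag):
    """Constructed image: flag at 0x1020, pointer at flag+0x34, record at 0x1080."""
    mem = bytearray(256)
    struct.pack_into("<I", mem, 0x08, 16)            # unrelated 16: false positive
    struct.pack_into("<I", mem, 0x20, flag)          # the flag being hunted
    struct.pack_into("<I", mem, 0x20 + 0x34, BASE + 0x80)
    # Made-up field order: mana cost (unsigned long), cooldown, range, ward count (floats)
    struct.pack_into("<Ifff", mem, 0x80, 600, 110.0, 550.0, 8.0)
    return bytes(mem)


def locate_record():
    before, after = build_snapshot(16), build_snapshot(528)
    hits = exact_search(before, 16)                  # skill available
    flag_addr, = sub_search(after, hits, 528)        # skill cooling down
    record = read_u32(after, flag_addr + 0x34)       # the [SAF+0x34] expression
    return hits, flag_addr, record, cells(after, record, 4)
```

In the returned cell view the mana cost reads correctly only as an unsigned long (as a float it is a near-zero denormal), while cooldown, range and ward count read correctly only as floats, which is why the post switches the hex editor's data type before matching values by eye.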
