I have this code that edits addresses in a game to get unlimited ammo and what not, and I found out that the addresses are different for every computer, sometimes every time you restart the game, so how would I manage making this work still even though they change.
+1
A:
You're either going to give up, or get very good with a disassembler.
Ben Collins
2009-04-22 02:12:15
Why is this isnt there a way to just find the adress in the game of lets say a sniper and mess with the value of the adress that holds the ammo
H4cKL0rD
2009-04-22 02:13:15
The disassembler (or a more specialized tool like a memory scanner - look at the answer to your other question) *is* how you "just find the address". One thing that might make it easier is that the game will probably always have the same offsets (although they may have some anti-cheat algorithms that move things around, but I'd be suprised). If you can find the base address of the game process, then you're set.
Ben Collins
2009-04-22 02:16:34
Don't forget that different sequences of operations may end up with different things allocated at different times, and different numbers of things allocated, so that the addresses can vary because of that. If there's any randomization in the game, that could be a factor too - and that's before you get to deliberate load address randomization for shared libraries (provided by the o/s).
Jonathan Leffler
2009-04-22 02:18:56
indeed. good point. That's also where the disassembler comes in handy - if you can figure out how the memory you're looking for gets allocated, you can track references to it.
Ben Collins
2009-04-22 02:46:50
+6
A:
Signature matching for the record contents in the heap. Maybe using edit distance against specific known content.
No harm I'm answering, since you had to ask, you probably don't have the chops to pull it off.
ceretullis
2009-04-22 02:17:35
I don't know man -- his name is H4ckL0rD. That has to count for something.
pc1oad1etter
2009-04-22 02:30:33
+2
A:
The best way is to look for patterns in memory and work it out using offsets. It's not going to be simple simply because this is the sort of thing game developers want to stop.
So they're not going to have a nice text string saying "Ammo stored 27 bytes before the start of this string".
If they're doing tricky stuff like moving it around every time the game is run (and I would because I'm devious), you'll need to disassemble their code to find out how they locate the memory.
Then you do the same thing. I know, sounds easy and it is. But based on your past questions, I'm not sure 'H4cKL0rD' is a suitable moniker :-), at least in this case.
If you're uncomfortable with disassemblers, hex editors and such, there's almost certainly a program out there that will do it for you.
paxdiablo
2009-04-22 02:18:39
+6
A:
If you get the address you're looking for, and then search for that address in memory to find the address of the pointer to that data, and then search for that address in memory so you can find the address of the pointer to it, and so on, you may eventually find an address that does not change. Then, at runtime, you can use that as a starting point and dereference it to find the location you're looking for. Of course, that all depends on how the data is laid out internally. It can get very complicated.
Volte
2009-04-22 02:19:43
All I can think of is, if character data is stored in a hash (e.g., each player has a runtime-assigned GUID as hash key), you're going to have _lots_ of fun locating which bucket to go for. :-P
Chris Jester-Young
2009-04-22 05:46:59
If the data you are looking for is based off a structure/class which is instantiated locally at some point but never a global or static variable, you are _not_ going to find a static pointer. You will have to find some code that accesses the data you want at the time you need it, and hook that code, redirecting it to your own injected code allocated at some place in the heap. This is not always possible because hardened O/S disallow introduction of new code. If you _do_ find many static pointers, it may indicate the program was written badly :)
Longpoke
2009-11-17 01:33:06
+1
A:
If you just want to get the job done and don't care about having coded it yourself, you could use a program which is designed specifically for this task, such as as T-Search.
Jeremybub
2009-04-22 02:27:40
im ok with those just idk what im lookiong for i got cheat engine do you know how to find the core with that
H4cKL0rD
2009-04-22 02:50:07
Basically you can use them to search for a value, then change that value by doing something in the game, narrowing the search, etc, until there is only one possible location in memory, and then you can modify it.
Jeremybub
2009-04-22 03:36:33
no i know how to do that but the adress changes with every computer sometimes every startup of the game
H4cKL0rD
2009-04-22 19:42:39