Necki How do I cheat? Reputation: 0
Joined: 26 Sep 2020 Posts: 8
|
Posted: Wed Oct 14, 2020 6:13 am Post subject: Attack style generated after keyboard input |
|
|
I'm trying to hack a game, where each time you hit your attack button the game generates 1 out of 4 attack types. Stab, swing, lunge, etc. However I want it to only be swing or stab.
Here's what I did. Scan for 0, then scanned each time the attack key was down by first pausing the game and searching for increased value. Repeat that process. Managed to narrow down to 136 values.
I found some interesting stuff. Some Microsoft library called MSCTF.dll, which apparently handles input. After finding out what accesses that address I noticed some values changing, one value that increases each time I let the key down (KeyReleaseEvent counter?).
Funnily enough I found some other addresses, 3 of them. They change between 0, 1, 128 and 129. Another address seems to randomly follow along. I really don't know what to make of it LOL. But my guess is that somewhere some random value is calculated that determines your attack style, and that's where I want to fiddle around.
So I'm stuck. Any tips & tricks would be great.
|
Csimbi I post too much Reputation: 94
Joined: 14 Jul 2007 Posts: 3110
|
Posted: Wed Oct 14, 2020 7:49 am Post subject: |
|
|
Have you considered AutoHotkey?
Send a series of keypresses instead of one?
|
Necki How do I cheat? Reputation: 0
Joined: 26 Sep 2020 Posts: 8
|
Posted: Wed Oct 14, 2020 9:39 am Post subject: |
|
|
That would still not allow me to modify the code that determines what attack style I will use. Stab, lunge, swing, big swing. The client should be calculating that somewhere, I want to find that code and modify it.
|
atom0s Moderator Reputation: 199
Joined: 25 Jan 2006 Posts: 8518 Location: 127.0.0.1
|
Posted: Wed Oct 14, 2020 7:42 pm Post subject: |
|
|
Quote: | They change between 0, 1, 128 and 129. |
This could be valid given the 4 values you mentioned.
This would most likely be a byte flag then.
0x00
0x01
0x80
0x81
Which are valid values for byte flags.
If you can ensure the address that holds this is specifically for that, you can try and find what writes to it to trace back to the function that is actively updating the address and see if the handler is there for what is being selected. There's a million different ways for it to be coded/set up, but it could also just be something as simple as:
Code: |
uint8_t attacks[4] = { 0x00, 0x01, 0x80, 0x81 };
uint8_t attackType = attacks[rand() % 4]; // % 4 so all four entries can be selected
|
Trying to set a breakpoint on rand() will usually not end well since it'll more than likely be called often in a game, but it is also something you could try. Or trace what accesses it and keep an eye on usages exactly when you attack to limit what could be the specific call of the usage.
_________________
- Retired. |
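One way to check the byte-flag reading suggested in the post above, as an added example that is not part of the original thread: if the byte really holds independent flags, every combination of the bits that ever change should show up among the observed values. The function names and the sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed samples: the byte as it might be logged over several attacks. */
static const uint8_t SAMPLES[] = { 0x00, 0x01, 0x80, 0x81, 0x01, 0x80 };

/* OR of every bit that differs between any sample and the first one. */
uint8_t varying_bits(const uint8_t *s, size_t n) {
    uint8_t mask = 0;
    for (size_t i = 1; i < n; i++)
        mask |= (uint8_t)(s[i] ^ s[0]);
    return mask;
}

/* Number of distinct byte values among the samples. */
unsigned distinct_values(const uint8_t *s, size_t n) {
    uint8_t seen[256] = { 0 };
    unsigned count = 0;
    for (size_t i = 0; i < n; i++)
        if (!seen[s[i]]) { seen[s[i]] = 1; count++; }
    return count;
}

/* 1 when every combination of the varying bits was observed, which is what
   independent bit flags produce; 0 points to an enum or to coupled bits. */
int looks_like_bit_flags(const uint8_t *s, size_t n) {
    uint8_t mask = varying_bits(s, n);
    unsigned bits = 0;
    for (uint8_t m = mask; m; m &= (uint8_t)(m - 1))
        bits++;                       /* count set bits in the mask */
    return mask != 0 && distinct_values(s, n) == (1u << bits);
}

int main(void) {
    size_t n = sizeof SAMPLES / sizeof SAMPLES[0];
    printf("varying bits: 0x%02X\n", (unsigned)varying_bits(SAMPLES, n));
    printf("distinct values: %u\n", distinct_values(SAMPLES, n));
    printf("consistent with bit flags: %s\n",
           looks_like_bit_flags(SAMPLES, n) ? "yes" : "no");
    return 0;
}
```

For the four values in the thread the varying bits are 0x81 (bit 0 and bit 7), and all four combinations appear, so the byte is consistent with two independent flags.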
|
Necki How do I cheat? Reputation: 0
Joined: 26 Sep 2020 Posts: 8
|
Posted: Fri Oct 16, 2020 9:16 am Post subject: |
|
|
Great, thanks man! It helps to put things in perspective by writing the C code with it. It's still hard to comprehend, I guess it would be valuable to write some C code myself and step through it with gdb to learn x86 better.
Those 4 flags you mentioned, I found them again and froze the value. But they aren't the attack styles, they are actually the animations your character goes through. By freezing that value I essentially created an attack speed hack, LOL. It's perfect, not what I wanted.. but a very nice thing to have nonetheless.
|
Necki How do I cheat? Reputation: 0
Joined: 26 Sep 2020 Posts: 8
|
Posted: Sat Oct 17, 2020 11:02 am Post subject: |
|
|
Small update, instead of freezing the value I used the auto assemble functionality. I noticed that I can move a standard value into the memory address instead of freezing it. But that only affects my actual animation, not the attack itself.
I'll dig a little deeper.
|