C/C++ [PC] To Hack A Game

Hiyper

Enthusiast
Messages
227
Reaction score
61

Welcome! In this tutorial, I will teach you how to make a trainer hack for most any game! In this tutorial, I will be using a game called Assault Cube, because it is free and lightweight.

What You Will Need:

Before we begin, this tutorial will not be written for noobs per se, but it explains parts more so it is more noob friendly. If you have no C++ knowledge, turn back now. Also, it is up to you to adapt my tutorial. Do not make any requests for me to make one for the game you want because you will be reported for spam.

Let's get started!


First thing we need to do is open our game and Cheat Engine (Notepad also for notes).

Now find the address for your ammo and freeze it (if you do not know how to do this in CE then go look it up). Now we could add this address into our game, but when we restart the program, the address will be different. Why? This is known as a dark address. A dark address is an address that will hold a different instruction every time the game starts. We could find the dark address using pointers, but we can also do what is called a pattern scan. I will go more in-depth with what that means when we get into VS.

Click your entry and press ctrl+b, copy the address and write it down.


Now copy the plugin DLL to your OllyDbg directory and launch. File -> Attach -> ac_client. Then click the little play button. Press ctrl+g and paste in the address you wrote down earlier (do it a few times as search is a little buggy). It is smart to place the comment "start" at the result address.




Now select a few addresses. Start by selecting 2 or 3. Right click -> MakeSig -> Test Sig.
Then press scan.



As you can see, that mask and signature (which were generated) find 4 different signatures. If we scanned using these settings, it would give us 4 results. We want one. So select a few more (making sure that "start" is at the top of your selection).


Now selecting more and more to get one sig is not the most efficient way, but for the tutorial we are not going to mess with offsets. Copy and paste the "Mask" and "Signature" to a notepad. We will need this later to configure our scan.

We are going to end this thread here (to cut down size). In the next one, we will begin coding in our signature scanner. I hope you guys are enjoying it so far!




 
Last edited:
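The ambiguity described in the first post (a short mask and signature returning 4 results, a longer selection returning one), as an added example that is not part of the original post: a masked byte-pattern matcher run over a constructed buffer. The byte values, the `x`/`?` mask convention and the function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample bytes (not taken from any real game binary). */
static const unsigned char CODE[] = {
    0x8B, 0x46, 0x10, 0x90,
    0x8B, 0x46, 0x24, 0xC3,
    0x8B, 0x46, 0x08, 0x48, 0x89, 0x46, 0x08,   /* the location marked "start" */
    0x8B, 0x46, 0x30, 0x5E
};

/* Assumed mask convention: 'x' = byte must match, anything else = wildcard. */
static const unsigned char SHORT_SIG[] = { 0x8B, 0x46, 0x00 };
static const char SHORT_MASK[] = "xx?";
static const unsigned char LONG_SIG[] = { 0x8B, 0x46, 0x00, 0x48, 0x89, 0x46, 0x00 };
static const char LONG_MASK[] = "xx?xxx?";

/* Count every offset where sig/mask matches; remember the first one. */
size_t sig_count(const unsigned char *buf, size_t len,
                 const unsigned char *sig, const char *mask, size_t *first)
{
    size_t n = strlen(mask), hits = 0;
    if (n == 0 || n > len) return 0;
    for (size_t off = 0; off + n <= len; off++) {
        size_t i = 0;
        while (i < n && (mask[i] != 'x' || buf[off + i] == sig[i])) i++;
        if (i == n) {                 /* all non-wildcard bytes matched */
            if (hits == 0 && first) *first = off;
            hits++;
        }
    }
    return hits;
}

/* Return the match offset only if the signature is unique, else -1. */
long sig_find_unique(const unsigned char *buf, size_t len,
                     const unsigned char *sig, const char *mask)
{
    size_t first = 0;
    return sig_count(buf, len, sig, mask, &first) == 1 ? (long)first : -1;
}

int main(void)
{
    printf("short: %zu hits\n", sig_count(CODE, sizeof CODE, SHORT_SIG, SHORT_MASK, NULL));
    printf("long:  unique at %ld\n", sig_find_unique(CODE, sizeof CODE, LONG_SIG, LONG_MASK));
    return 0;
}
```

The three-byte pattern matches four places in the constructed buffer, so `sig_find_unique` rejects it; extending the selection past the "start" bytes leaves a single match.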
Hiyper

Enthusiast
Messages
227
Reaction score
61
I will record a video for the coding portion of the tutorial.
 
vRice

Enthusiast
Messages
430
Reaction score
201
I'm going to bookmark this. I know how to read/write to a game's process with C#, I'm just interested in these 'dark addresses' and how to find them each time etc.

Good job :- )
 
Hiyper

Enthusiast
Messages
227
Reaction score
61
I'm going to bookmark this. I know how to read/write to a game's process with C#, I'm just interested in these 'dark addresses' and how to find them each time etc.

Good job :- )
A dark address is an address that changes every time the game resets. These are bad. You want to find a static address. These never change. BUT, you could use the op code pattern and scan instead of finding static addresses (Bc pointers are a pain :x3:).
 
Xeren

♦♦♦ God Complex ♦♦♦
Messages
5,671
Reaction score
2,120
A dark address is an address that changes every time the game resets. These are bad. You want to find a static address. These never change. BUT, you could use the op code pattern and scan instead of finding static addresses (Bc pointers are a pain :x3:).
Is that a common term? The proper replacing word should be "dynamic".
 
Xeren

♦♦♦ God Complex ♦♦♦
Messages
5,671
Reaction score
2,120
It is a common term in game exploiting.
Alright, I've just never heard "dark address" used before. I tried using Bing to find other examples of its usage and ended up with no helpful results.
 
Amnesys

Praise Cheesus
Messages
671
Reaction score
431
Looks interesting, going to have a good read later on.
 
griffin89

Enthusiast
Messages
704
Reaction score
250
It is a common term in game exploiting.

I've been hacking and RE'ing games for many years and it has never been referred to as a "dark address", it is indeed a dynamic address
 
Hiyper

Enthusiast
Messages
227
Reaction score
61
I've been hacking and RE'ing games for many years and it has never been referred to as a "dark address", it is indeed a dynamic address
Where I learned referred to them as dark addresses. :tongue:
 
griffin89

Enthusiast
Messages
704
Reaction score
250
Where I learned referred to them as dark addresses. :tongue:

To each their own haha. I was just giving my 2 cents. The majority of the people are going to know it as a dynamic address. But I don't want to derail or take over your thread
 
Auschwitz Guard

Banned
Messages
195
Reaction score
122
Dark address? I've never heard of that before. But I believe what you're experiencing is a pointed var being allocated each time inside the start sequence. This would poop out a different address each time, seeing as it's choosing the next open pool to hijack. The static addresses you speak of make more sense, seeing as they are the entry point to gain access to the pointer, so the address of the entry point never changes. Thought I would drop more light onto the subject, but good tutorial.
 
Mr Chip53

Enthusiast
Messages
582
Reaction score
199
It's not a common term. Whoever told you it is was high as a mother f****er.
 