C/C++ [PC] To Hack A Game

Hiyper

Welcome! In this tutorial, I will teach you how to make a trainer hack for most any game! In this tutorial, I will be using a game called Assault Cube, because it is free and lightweight.

What You Will Need:

Before we begin, this tutorial will not be written for noobs per se, but it will explain parts more so it is more noob-friendly. If you have no C++ knowledge, turn back now. Also, it is up to you to adapt my tutorial. Do not make any requests for me to make one for the game you want, because you will be reported for spam.

Let's get started!


First thing we need to do is open our game and Cheat Engine (Notepad also for notes).

Now find the address for your ammo and freeze it (if you do not know how to do this in CE, then go look it up). Now we could add this address into our game, but when we restart the program, the address will be different. Why? This is known as a dark address. A dark address is an address that will hold a different instruction every time the game starts. We could find the dark address using pointers, but we can also do what is called a pattern scan. I will go more in-depth with what that means when we get into VS.

Click your entry and press ctrl+b, copy the address and write it down.


Now copy the plugin DLL to your OllyDbg directory and launch. File -> Attach -> ac_client. Then click the little play button. Press ctrl+g and paste in the address you wrote down earlier (do it a few times, as search is a little buggy). It is smart to place the comment "start" at the result address.




Now select a few addresses. Start by selecting 2 or 3. Right click -> MakeSig -> Test Sig. Then press scan.



As you can see, that mask and signature (which were generated) find 4 different signatures. If we scanned using these settings, it would give us 4 results. We want one. So select a few more (making sure that "start" is at the top of your selection).


Now selecting more and more to get one sig is not the most efficient way, but for the tutorial we are not going to mess with offsets. Copy and paste the "Mask" and "Signature" to a notepad. We will need this later to configure our scan.

We are going to end this thread here (to cut down size). In the next one, we will begin coding in our signature scanner. I hope you guys are enjoying it so far!
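How a mask and signature pair is matched, and why the short selection above gives 4 results while a longer one gives 1, as an added example that is not part of the original post. The buffer is constructed sample bytes held in a local array (not taken from any game), and `find_all`, `short_sig_hits` and `long_sig_hits` are hypothetical names.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

// Offsets in buf where sig matches; mask 'x' = byte must match, '?' = wildcard.
std::vector<std::size_t> find_all(const std::vector<std::uint8_t>& buf,
                                  const std::vector<std::uint8_t>& sig,
                                  const std::string& mask) {
    std::vector<std::size_t> hits;
    if (sig.empty() || sig.size() != mask.size() || buf.size() < sig.size())
        return hits;  // malformed pattern: no match instead of an out-of-bounds read
    for (std::size_t i = 0; i + sig.size() <= buf.size(); ++i) {
        bool ok = true;
        for (std::size_t j = 0; j < sig.size() && ok; ++j)
            ok = (mask[j] == '?') || (buf[i + j] == sig[j]);
        if (ok) hits.push_back(i);
    }
    return hits;
}

// Constructed sample bytes. The same two-instruction idiom
// (mov eax,[esi+disp8]; dec dword ptr [eax]) appears four times.
const std::vector<std::uint8_t> kImage = {
    0x8B, 0x46, 0x14, 0xFF, 0x08, 0x90, 0x90,              // offset 0
    0x8B, 0x46, 0x18, 0xFF, 0x08, 0x5E, 0xC3,              // offset 7
    0x8B, 0x46, 0x1C, 0xFF, 0x08, 0x8D, 0x44, 0x24, 0x1C,  // offset 14 ("start")
    0x8B, 0x46, 0x20, 0xFF, 0x08, 0x33, 0xC0,              // offset 23
};

// Short selection: two instructions, displacement byte wildcarded.
std::vector<std::size_t> short_sig_hits() {
    return find_all(kImage, {0x8B, 0x46, 0x00, 0xFF, 0x08}, "xx?xx");
}

// Longer selection: one more instruction after "start" makes the match unique.
std::vector<std::size_t> long_sig_hits() {
    return find_all(kImage, {0x8B, 0x46, 0x00, 0xFF, 0x08, 0x8D, 0x44, 0x24, 0x00},
                    "xx?xxxxx?");
}

int main() {
    std::printf("short signature: %zu hits\n", short_sig_hits().size());
    std::printf("long signature:  %zu hits\n", long_sig_hits().size());
    return 0;
}
```

Bytes that differ between occurrences (displacements, immediates) are the ones to wildcard; the fixed opcode bytes around them are what make the match unique.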




 
vRice

I'm going to bookmark this. I know how to read/write to a game's process with C#; I'm just interested in these 'dark addresses' and how to find them each time, etc.

Good job :- )
 
Hiyper

I'm going to bookmark this. I know how to read/write to a game's process with C#; I'm just interested in these 'dark addresses' and how to find them each time, etc.

Good job :- )
A dark address is an address that changes every time the game resets. These are bad. You want to find a static address. These never change. BUT, you could use the op code pattern and scan instead of finding static addresses (Bc pointers are a pain :x3:).
 
Xeren

A dark address is an address that changes every time the game resets. These are bad. You want to find a static address. These never change. BUT, you could use the op code pattern and scan instead of finding static addresses (Bc pointers are a pain :x3:).
Is that a common term? The proper replacing word should be "dynamic".
 
Xeren

It is a common term in game exploiting.
Alright, I've just never heard "dark address" used before. I tried using Bing to find other examples of its usage and ended up with no helpful results.
 
griffin89

Where I learned referred to them as dark addresses. :tongue:

To each their own, haha. I was just giving my 2 cents. The majority of the people are going to know it as a dynamic address. But I don't want to derail or take over your thread.
 
Auschwitz Guard

Dark address? I've never heard of that before. But I believe what you're experiencing is a pointed var being allocated each time inside the start sequence. This would poop out a different address each time, seeing as it's choosing the next open pool to hijack. The static addresses you speak of make more sense, seeing as they are the entry point to gain access to the pointer, so the address of the entry point never changes. Thought I would drop more light onto the subject, but good tutorial.
 
Mr Chip53

It's not a common term. Whoever told you it is was high as a mother f****er.
 