Nathan Baggs
Registered 17. 08. 2022
Sharing over a decade's experience in making and breaking software
How To Manipulate Process Memory On Windows
Find out how to use the Win32 API to manipulate the memory of another process. This is cut down from a livestream; subscribe to get notifications and join us in building a hacking toolkit.
Get the code: github.com/nathan-baggs/blind_io
Become a member to get early access to videos (and to previous livestreams in full) - czcams.com/channels/QvW_89l7f-hCMP1pzGm4xw.htmljoin
Want to build cool stuff from scratch? app.codecrafters.io/join?via=iris-engine-dev
💭 All views are my own 💭
Views: 2 649
Video
This Developer Hacked Their Own Game 20 Years Ago
25K views, 1 day ago
Recreating how the Insomniac developers hacked Ratchet and Clank 3 over 20 years ago Become a member to get early access to videos - czcams.com/channels/QvW_89l7f-hCMP1pzGm4xw.htmljoin Want to build cool stuff from scratch? app.codecrafters.io/join?via=iris-engine-dev 🔗 Links 🔗 - Original article - www.gamedeveloper.com/programming/dirty-game-development-tricks - Horizon private server - github...
How To View Process Memory On Windows
4.1K views, 21 days ago
How to use the Win32 API and C to view the allocated memory of a running process. This is cut down from a livestream; subscribe to get notifications and join us in building a hacking toolkit Get the code: github.com/nathan-baggs/blind_io Become a member to get early access to videos (and to previous livestreams in full) - czcams.com/channels/QvW_89l7f-hCMP1pzGm4xw.htmljoin Want to build co...
How To Enumerate Processes On Windows
5K views, 28 days ago
How to use the Win32 API and C to enumerate all the running processes. This is cut down from a livestream; subscribe to get notifications and join us in building a hacking toolkit Get the code: github.com/nathan-baggs/blind_io Become a member to get early access to videos (and to previous livestreams in full) - czcams.com/channels/QvW_89l7f-hCMP1pzGm4xw.htmljoin Want to build cool stuff from...
How I Hacked Balatro To Get An Impossible Score
11K views, 1 month ago
How can we get an insane score in Balatro without getting good at it? Become a member to get early access to videos - czcams.com/channels/QvW_89l7f-hCMP1pzGm4xw.htmljoin Want to build cool stuff from scratch? app.codecrafters.io/join?via=iris-engine-dev czcams.com/video/ILY7tYdIS2Y/video.htmlsi=0NAYqbeewoi3DJa7 - More in depth on process injection 💭 All views are my own 💭 Ever wondered how game...
How Do Hackers Actually Cheat In Games?
30K views, 1 month ago
Did I just make the fastest JavaScript runtime?
11K views, 2 months ago
Unfixable Apple Exploit - How It Really Works
15K views, 2 months ago
I Made A Virus - I Instantly Regretted It
19K views, 2 months ago
EA Won't Let Me Play This Game - So I Hacked It
289K views, 3 months ago
Hacking This Game To Remove Jump Scares (Observation Duty)
14K views, 3 months ago
Hacking This Game To Always Win (Buckshot Roulette)
13K views, 4 months ago
Reverse Engineering This Insane Glitch (Ocarina of Time)
60K views, 5 months ago
You Can Only Play This Game By Hacking It
333K views, 5 months ago
How One Developer Continues To Defy The Impossible
137K views, 6 months ago
Fixing Multiplayer Of A 25 Year Old Game
96K views, 7 months ago
Hacking a 25 Year Old Game To Make It Work
292K views, 7 months ago
Reverse Engineering RollerCoaster Tycoon | How does it work?
224K views, 9 months ago
Ditch Unity, Build A Game Engine In 48 Hours
43K views, 11 months ago
I made the same ray tracer in Assembly, C# and TypeScript
7K views, 1 year ago
You Don't Need An Engine | Rendering Water
8K views, 1 year ago
What is the fastest way to calculate sine?
23K views, 1 year ago
I made the same game in Assembly, C and C++
644K views, 1 year ago
What VSCode theme is that? Dracula?
Indeed
Stack alloc arrays have a constant size at compile time, right? Just heap allocated ones can have dynamic size, and the function receiving the array (pointer) just goes to the heap. That way arrays basically don't do any pass by copy of the array on the stack, but instead pass a copy of the pointer to the array to the function. So shouldn't an array always be passed by const ref?
I very much enjoyed your recent video on modifying the memory of a running Windows process. Cool to see some neat C++ features sprinkled in as well :) Thank you
Thanks!
Are you going to keep this library private or open source it some day?
It’s open source now! github.com/nathan-baggs/blind_io
One rare edge case that can happen here: it is possible for a string to begin in one region and end in another region directly after it, in which case your code will not find it. This is very fun to debug if you don't know what's happening, ask me how I know ;)
Stuff like this is full of edge cases!
This happened to me for real once, the app was calling VirtualProtect in order to make a page writable so it could modify some stuff, and didn't remove the write permission afterward, effectively cutting the region that the page was a part of in half. In practice everything continued to work because having the additional write permission wouldn't cause anything to fail, since the rest of the code only read from the page. There was a string I wanted to read that started right on the end of that page, and ended at the start of the next. Because of the changed permissions it counted as a different region. I had to change my process memory reading code around to account for this because I was assuming (like in this example) that strings wouldn't cross regions
C++ is gross
I've learned the basic to intermediate stuff from C++, hated it, then went to learn Go
What were the things you hated about it?
Oldskool memories, I used to live on MSDN. Back in the 32 bit days of MMOs that used GameGuard and HackShield, which blocked reads and writes to the process's memory, I created and injected, during process start, a DLL that acted like a pipe server. The DLL would accept an address and a number of parameters through the pipe, then execute the WinAPI function at that address after pushing the parameters to the stack first. It was nice because I could pass the address of WriteProcessMemory and params via the pipe and the game process itself would write to the hack program, and likewise you could get it to read in data and do all that hacky stuff. I called the API LoseAPI, i.e. the opposite of WinAPI :P It was basically a giant header file with all the WinAPI function names, slightly altered, wrapped around a pipe out to make things easier in the hack program. Hack by proxy ;)
Where there’s a will there’s a way
The init statement. Never use it. It's crap. The committee have lost their mind. It's that simple.
I still want to learn assembly
Nice. This is a feature that I would like to see in php
PHP was my first language (:
I can't tell you how much I love your videos. What are the chances you'd put a link to a GitHub with a sample of the code you wrote in the video? I'm writing it from scratch and it would be nice to have something to compare the finished product to. Also, it would be cool if community members could fork it and possibly even submit a pull request! Please keep doing what you're doing because it's awesome! Thank you for creating the content you do.
github.com/nathan-baggs/blind_io let me add it to the video descriptions
@nathanbaggs Do you have a Ko-Fi or Patreon or do you prefer CZcams's membership?
I’ve only got YT membership
@nathanbaggs I am now a member. 🙌💪
Good answer... You stated which language YOU like, but clarified that whatever we choose doesn't really matter. I'm really enjoying your channel
Thanks!
RPM/WPM was how I made most of my game cheats. I always loved this method.
Part of the reason the VM performance was so poor was that you may not have loaded the VirtualBox graphics drivers. The little turtle icon on the bottom bar means there is some issue with how it is emulating on the host. Usually installing the guest edition CD fixes the performance for me. You may also need to disable some virtualization based security settings or TPM. Not sure if those impact the sandboxing capabilities of the VM
Quite possibly, I’ll admit to not spending too much time trying to get it to work in a VM
While using uint8_t will work on pretty much all compilers for bytes, you're probably better off using std::byte or unsigned char here, as uint8_t might not be an alias of unsigned char, meaning the compiler might not treat it as aliasing everything and instead treat it as a unique type. However, looking at clang, gcc, msvc and icc on Compiler Explorer, they all end up with uint8_t being treated as the equivalent of std::byte.
The problem I have with std::byte is that it's an opaque type (by design). It's usually implemented as "enum class byte : unsigned char", so you have to cast to read the data
Writing the entire memory section every time when you only need to replace a few bytes is a bit of overkill. Not to mention the other memory may change between read and write, so you risk corrupting process state unless you pause all threads first.
I made an in depth comment explaining this on his previous video about VirtualQueryEx as well :)
Sure, we’re building this on live stream so I’m focussing on the underlying techniques, we can always improve the API later. Will also be looking at debugging and thread suspension in the future
One of the very few things I remember from programming classes in college: most languages keep variables within the scope of the logic statement they were created within. This is why I declared most of my variables as global, when I was a teenager.
This is pretty interesting for sure. Is there a C# way of doing this? (without memory.dll as it's always flagged by Windows Defender). Nevermind, just learnt about DllImport :-)
If the ReadProcessMemory function was never implemented, game cheating would have probably been much harder 😂. Awesome video as always.
We don’t have it on Linux, so porting this is a fun challenge
It's almost like ptrace on Linux
We’re looking at that now on stream
Then where is that length info useful? Why aren't arrays just pointers? I'm a beginner to C, so I don't quite understand
It's not that the length info isn't useful. It's just that the compiler doesn't pass that information to the function
@nathanbaggs but where is it used?
@W0lfCL pretty much every time you want to iterate over an array, or maybe you want to allocate it in memory or something; it's *heaps* useful there, if you'll forgive the pun
@flameofphoenix5998 oh that actually makes sense, thx a lot!
And then when you've decided which one between C and C++, switch to Rust.
lol no
Shrug, they’re all just tools
Will you do the same for linux?
We're doing it on stream at the moment! Keep an eye out for future videos
oh absolutely! @nathanbaggs
So that's how they're able to play custom maps and game mods! That's awesome!
You should try Rust too! You'll be surprised how "smooth" things go vs C++ (nevermind C). Honestly, in another 10 or so years, you will merely describe your intentions and the program will write itself 😅
The crazy part of all this is that these games actually do have a way to patch themselves but apparently this was just something Sony had kept to themselves. Any game that used medius and also included DNAS (I say this because the only games that seem to have these packet handlers all had DNAS while the ones that didn't (socom 1, twisted metal black) don't) had the ability to read and write memory from the server. Sucks that they had to go through these sorts of hoops when sony already had the tools available for situations like this. Dan uses this functionality for his patch and we use it for our patches for SOCOM 2 and Combined Assault.
@nathanbaggs can you do a video on Sony DVD Architect? It has issues running on windows 10 and 11 since they stopped supporting it. It will open just fine but will crash once you start building your project.
I’ve made a note of it (:
5:29 as a Cybersecurity guy, this one tickled me pink. Incredibly novel use for a very standard part of a hacker's toolkit
Ehh, the WinAPI is very high level, you're not really interacting that closely with the OS, but besides that Python is unreadable and slow garbage
Program at work, come home watch some nathanbaggs, program even more, sleep, repeat
I wonder if that Dan is the SnowDan.
This video is awesome. I can see you've put a lot of effort into it mate.
Thanks for the kind gesture 🩷
Ok Boomer
How old do you think I am? 😂
Newbie here, so if C was a breath of fresh air, would JS or Python be pure oxygen in building this game?
9:00 LMAO it's DNA Workshop but your pronunciation was way better
We all make mistakes…
This was one of the best videos I've seen in a long time. Nice work dude. Nothing to suggest you as a solution, you went way deeper than I could've gone. Good luck :) Post an update once you have!
Thanks!
Woah! As a fan of love2d, it was interesting to see you hacking on it, I tried to read Balatro's source code once but never thought of modding it, that was awesome.
Did you consider asking the game developers for more info?
I did reach out to the original author of the article (who still works at Insomniac), he left a nice comment on this video
I wonder if that EULA trick could be used to install freemcboot
Absolutely it could.
From what I could understand of the Game Developer article, it seems to me that they utilized the EULA itself to patch the game. I visualize this as follows: 1. They replaced (parts of) the EULA with patch code (which would at this step be processed as mere text), and overfilled it past the brim. This overflow would eventually reach a variable that contained an address. 2. They replaced this address for an address within the EULA buffer, meaning the later function callback that used that variable would send the pointer back to the EULA. 3. The pointer would then process the patch code in the EULA as instructions, leaving them free to do as they liked (as long as their patch code didn't ruin the function callback).
Pretty sure that’s what I was aiming for
@@nathanbaggs Ah, so I did manage to follow. I don't have much experience with low level programming, so it all kinda made my head spin
I can vouch for Nath. I saw him copying his PS2 BIOS from my bathroom window.
Phew
Real men write Assembler
Have you seen the developers' (Tony Garcia and Mike Stout) let's play with their commentary on that game? It's up on YouTube and full of interesting info about how they've made all of this run on PS2 hardware. Love it just as much as your video, it's fascinating just how many little tricks Insomniac had and their technical knowledge is truly underrated.
No but sounds interesting!
I played UYA for a little bit in 2007 while the servers were still active; I don't know how much memory you would need to overwrite for the buffer to overflow, but it couldn't have been that much, right? Otherwise it would have taken forever for the lobby to load on slow connections back then, and while my DSL wasn't the worst, I don't remember much waiting between the EULA and lobby screens.
There’s still some questions around how often this was actually used and on what versions. All part of the mystery
@@nathanbaggs It would have to have been used every single time you started up multiplayer. The game didn't run off a hard drive so the patch would be lost.
Epic video 😁
Understood nothing of it but really enjoyed the video nonetheless! I hope you can figure it out later on