Video

Bro, how did you manage to put the entire program on a singlr graph? It is no easy task. Please enlighten us

pretty sure i cant just watch this with zero knowledge on anything lol.

Did anyone ever notice the obfuscated cheats were from the base game? (From ancient memory it seems to align)

thanks for ur tutorial i learnt how to get the pointers and stuff but. i have pointerscan results and they all point to ammo. even when the game resets and the pointer changes the ponterscans are still valid. i created a program to read and write value to a memory address but the memory address needs to be manually corrected every time. idk how to automatically get the correct addresses and i’m stuck on it

what if i change the type from 4 bytes to float and it turns into weird numbers and letters , do i change it back?

I saw Age of Empire and reverse engineering immediately subbed❤

As an old cracker/ trainermaker : You don’t need to understand the game. You just need to know what you want to influence. Then take memory snapshots at certain stages and compare. See the changes and then go into detail. That’s trainer making Oldskool.

u think my aoe1 game is better than my aoe2 game? all ur videos is RE on aoe1

try reverse aegis

Wouldn't piggybagging on one of the existing dll's be better? So for example it probably uses winmm.dll or some d3d dll. If you put that in the same directory as the executable; it'll get loaded first. You stub/forward all the functions and put your own stuff in one of the ones that gets called. That way you don't need admin elevation to inject yourself into the other process

Hi, excellent video, however i have a question about the first software with the printf, where did you see what was needed for the "printf" function ? I'm asking that because for example, if you reverse engineer whatever software, how do we know the parameters used for that function ? nvm i'm new so i'm sorry if my question sound a little bit dumb :D

I thought windows will always give you random memory addresses, but you apply patching to the same address all the time. I don't get it.

Thankyou for this video, very interested! Can you show me step by step when get Address of resources ingame to value base address 0x001830F4 of memory_ptr resource_hack_ptr param in code, and the offsets. In video you talk and action to fast, i can't follow. I'm newbie for this technology, and i want to practice with this game, I want get some info ingame some thing like player's civil, total gold corrected, kill/losses, win/lose ... can you give some advice? thank in advance, and sorry for my poor English!

Nice tutorial !. It's possible to inject a .Net Framework DLL ?. Thx

PLS Find for me address at time 2:24

what about x64 hook tutorial?

When you find an awesome channel and they haven't uploaded in 2 years :(

i dont understand, what we are doing is reading a pointer that points to a pointer that points to a pointer and so on until the last pointer points to the actual memory adress or are we just adding the known offsets? and if thats the case, why couldnt we just store the sum of all of the offsets and add that instead of storing all of them and adding them one by one? if i press "pointer scan for this adress" and it tells me there is a base adress an then 2 offsets, offset 0 is 10 and offset 1 is 154, then what im looking for is base adress + (10 + 154) and if i go there i should find the memory location im looking for right? also when cheat engine says 10, does it mean decimal 10 or hexadecimal 10, wich would be 16?

Very interesting! Maybe you have heard that ubisoft has shut down The Crew 1, an always online racing game that has an integrated offline mode not available for normal players. Could the same or a similar method be used to make this offline mode available?

Age of mythology resources doesnt work the same with resources. Can you explain why? For example, if i have 250 and change to 200, it wont show up.

#BoycottPatreon for providing services to rashian war criminals like WarGonzo

Is it possible to do this in an online games like ragnarok online?

the process reminds me of MelonLoader, which is easier to load custom dll into a game

Incredible video, congrats

For anyone it might concern: if you're using WCHAR (wchar_t) type in case of unicode and you're using LoadLibraryW, then you need to use wcslen for the string length. And not only that, wcslen only returns the length in wide-char units, and since VirtualAllocEx and WriteProcessmemory expects it in byte units, you must multiply the string length by sizeof(WCHAR), which commonly is 2 bytes. TLDR; dllPathBytes = (wcslen(dllFullPath) + 1) * sizeof(WCHAR)

how can we detedt this type of vulnerabilitys on a web app using burp

I'm having issues trying to find the value for a timer. For example, I'm playing the combat mission series. I want to find the timer for how long it takes for artillery shells to fire. I can easily find the address to modify the amount of ammunition I have but I'm having issues finding the address that relates to how long it takes for the ammunition to fire. It has a 9 minute timer but I'd like to change it to 1. I've tried searching for 9 and trying to find it while it's counting down but no luck. How would you approach this scenario?

Very clear and to the point, you are a great teacher, love your style. TYVM

This is excellent and definitely more interested in a more robust DLL injection solution.

can i deal with mono.dll like you used the LoadLibraryA and run it in thread inside the target process but i will use for ex mono_get_root_domain ???

Great video. I have two things I don't understand: What is the purpose of poping the return address at the start? Why are the instruction overwritten by the jump being pushed onto the stack instead of where the instruction pointer will be looking at?

I wanna add new civs to settlers 4 not sure if that is possible but I dont even understand reverse engineering so that is the biggest barrier.

Is this technique also work on Ghidra, I'm newbie and I've been trying to reverse a game coded in C++ called Rise and Fall Civilisation at war

Hello sir AVIATOR GAME hacking videos please sir..

What program are you using scan the memory locations?

How do you locate the address of the patch without knowing it in the first place? And how do you know what values to overwrite it with to achieve the function you want?

So the most secure way is to use magic bytes?

Can this be done for Age of Empires II: The Conquerors?

i watch dll injection tutorial for "educational" purpose 😏

You have an error in your code. You should get rid of the [::-1] I will explain: In the video at 10:01 the codes(in little edian hex dump) are the following: 78 68 00 00 5f 2a 00 00 but because memory is in *little endian* , the codes are really: 6878h 2a5fh ... you copied the codes into python in little endian form(meaning, already "swapped")... This code really swaps the bytes 8:50 mov ecx, dword[....] ; *loads 6878h into ecx NOT 7868* move edx,ecx ; ditto into edx sar edx,0x8 ; now edx holds 68h mov byte[eax],dl ;68h is loaded into LOW memory inc eax ; advance memory pointer move byte[eax],cl ;78h is loaded into HIGHER memory *The value loaded into ecx is 6878h NOT 7868h, and the value written into memory pointed to by eax is 7868h NOT 6878h* You copied the codes into the python array directly from hex dump in little endian format, thus the python does not need [::-1], as you already inadvertently swapped the bytes when copying.

whats the differnce how dll injector and lua injector work

Nice video but I don't understand why the transposition table uses 4 byte values to store 2 char values with 2 null bytes, wouldn't it be easier to use cx instead of using ecx? Also why does the function use both ecx and edx to access these characters when it can be accessed by using cl and ch. Is this some form of code obfuscation or just a compiler quirk?

Helps me a lot

How can I get this game? I’d like to follow along

thank you for your work mate, really appreciate it! also, your voice is incredibly soothing and perfect for explaining this stuff absolutely lovely <3

Nice