Function hooking, detours, inline asm & code caves [Game Hacking 101]
Vložit
- čas přidán 23. 03. 2021
- Our game hacking binary patching approach so far has been focused on making small changes to the way that the game works. But what happens if we want to do something which takes up more space than we actually have available to us?
🎮 Game Hacking 101 Playlist ➝ • Game Hacking 101
👮 Fair use of copyrighted material in the context of Age of Empires (video game); en.wikipedia.org/w/index.php?...
⛔ Material presented for offline learning purposes only. No content regarding modern online games or detection bypass techniques will be discussed.
🏆 The 247CTF channel is dedicated to teaching Capture The Flag fundamentals. If you want to improve your technical skills and succeed in Capture The Flag competitions, make sure to subscribe!
🏁 The 247CTF is a free Capture The Flag learning environment where you can improve your technical skills by solving challenges and recovering flags. You can join now for free at 247CTF.com/.
📺 Subscribe for more Capture The Flag videos!
🏆 Solve CTF Challenges ➝ 247CTF.com/
🐦Stay up to date ➝ / 247ctf
🥰 Support the 247CTF ➝ / 247ctf
💬 Discuss and learn ➝ / discord
📌Free flag ➝ 247CTF{9719c5ddf317154473d334f47a77ac6a}
📝 Icons made by Freepik & Monkik from Flaticon.com
🚨 247CTF’s channel videos are intended for educational purposes only. Methods and techniques discussed are not to be used for illegal activities against unauthorised systems.
![Reverse Engineering hidden game cheat codes [Game Hacking 101]](http://i.ytimg.com/vi/w7gBkVXuDSQ/mqdefault.jpg)
![Reverse Engineering hidden game cheat codes [Game Hacking 101]](/img/tr.png)
![Hacking a game with DLL injection [Game Hacking 101]](http://i.ytimg.com/vi/KCtLiBnlpk4/mqdefault.jpg)
🤡🤡🤡 TFW loosing recording footage and gaining ASLR 🤡🤡🤡
is this ARM?
I really appreciate that you're talking slowly so that we can follow easily.
Thanks!
You're welcome and glad you noticed! Takes some practise!
Wow, your gamehacking Videos are the best i ever found .. thank you so much for this!
Gonna watch them all!!
Finally someone who can explain Well and talks about the concepts of gamehacking :)
Glad you like them!
Great explanation that applies to so much more than just games, ended up here while looking into the pegasus sypware and really enjoyed it! Cheers :D
Glad I could help!
Very clear and to the point, you are a great teacher, love your style. TYVM
Thank you! 😊
really solid stuff!
Thanks!
I miss your game hacking tutorials :(
Me too 😣
Thank you a lot of this. Just got this recommended to me randomly and now I want to reverse again! Great tutorial!
Good luck!
@@247CTF thank you!!
Good job keep going bro, will be waiting send/recv packet tutorial ^^
Coming soon!
Hi, excellent video, however i have a question about the first software with the printf, where did you see what was needed for the "printf" function ? I'm asking that because for example, if you reverse engineer whatever software, how do we know the parameters used for that function ? nvm i'm new so i'm sorry if my question sound a little bit dumb :D
Excellent video! I'm learning so much.
I see that adding and removing the instructions misaligns the bytes in the file. Why can you not simply increase the file size and push the bytes back so they aren't affected? Will that mess up pointers and addresses?
Glad it was helpful! Doing that will likely break a bunch of stuff, for example if there are absolute jumps/references to values.
wololololo I love this video 🤗
😡 .. 😇
Good video, I need help with retrieving the data with detours
Example : getting player current level or health and perform action based on it
Not sure without an example. The game hacking playlist should show you how to do something similar though.
Useful content, but if you use malloc, you should free the memory with free after use (9:36)
Probably should, but the OS will clean this up when the game process closes anyway
Great video. I have two things I don't understand: What is the purpose of poping the return address at the start? Why are the instruction overwritten by the jump being pushed onto the stack instead of where the instruction pointer will be looking at?
The value is popped so we know where to return back to before the value is overwriten
I’m just getting started and the asm part kinda confuses me.
Sorry, but apart from writing the instructions that were overwritten, what’s the reason behind the rest? Can’t I rewrite the overwritten stuff, do my code and jump back to the program’s flow? I’ve seen another hook video and that’s what he does, though yours sure looks better.
There are a number of ways to do this. When you call a function 'normally' that call will result in a 'bunch of stuff' happening (epilogue). The idea with the inline asm is to control the call, so we can access the data we want and return execution back to where we started so the program continues to function.
I might be late to ask this, but why is 2D = E5 at 3:53?
Good content though. Thanks.
en.wikipedia.org/wiki/Address_space_layout_randomization
I didn't take good screenshots while recording. Do voice over separately and didn't want to re-record.
Brother Can you please do a code cave video on x64 games or x64 process?, because Vs does not support 64 bit asm inlineing. Very difficult to find any info on code caves with x64. Because most games now days are x64. Makes byte manipulation terrible because Cant inline it. I Can only Patch the bytes if the size don't change. I would love to see a template made just for code caves asm inline or something we can use. I really don't see how cheat engine can do the asm inline in its scripts, be nice to figure that out. Thanks bro I love your videos they are sweet.😁
Good idea, I'll add it to the todo list! If the space is too big, you can try nop'ing it!
I am not sure but i read somewhere about a forced security thing in windows x64 that prevents execution of code in the process stack and heap.
I would also love this, im struggling lol
what about x64 hook tutorial?
for what you make this variable "patch_cliprgn" ?? #12:45 are u not using it =v im confuse... how your ASM code knows where he will be injected?
The value is found earlier, it's the address to be hooked
And in 64 bits?
Could ask the devs to recompile the game?
Wow this was a really professional and extremely informative guide! I like it! One thing to note, it would be great if you toned down the number of times you show your logo in full screen between sections. It gets extremely distracting. A wipe or dissolve may be better.
I would also appreciate if you mentioned the names of the tools you were using.
Lastly, why did you push the overwritten instructions to the stack during cleanup in your example patch? Wouldn't that change the stack?
Thanks for the feedback! Have previously been asked to not use dissolve or wipes as people don't like the "motion feeling" - can't please everyone!
@@247CTF maybe a good alternative is a sideways shift? Essentially the problem is that the full screen logo covers content and breaks trains of thought. So any way that avoids doing that would be helpful
warning C4244: 'argument': conversion from 'time_t' to 'unsigned int', possible loss of data
☠️