Bypassing Checks: Pointing Checks To A Duplicate
- Added on 23. 10. 2021
- Today we are going to look at another way to bypass integrity checks. Thx to Dark Byte we will make a duplicate of the game and point the checks to it.
Do not forget to dealloc all addresses, I forgot to show that in the vid.
===================================================
====Template to Make Duplicate of Game====
[ENABLE]
alloc(copyOfModule,$40A000) //change bytes to size of your process
alloc(addressOfModuleStart,8)
alloc(addressOfModuleEnd,8)
alloc(addressOfCopy,8)
registersymbol(copyOfModule)
copyOfModule:
readmem($process,$40A000) //change bytes to size of your process
addressOfModuleStart:
dq $process
addressOfModuleEnd:
dq $process+getModuleSize(process)
addressOfCopy:
dq $copyOfModule
[DISABLE]
dealloc(copyOfModule addressOfModuleStart addressOfModuleEnd addressOfCopy )
unregistersymbol(copyOfModule)
================================================
===Full Script From Video=========================
[ENABLE]
alloc(copyOfModule,$40A000)
alloc(addressOfModuleStart,8)
alloc(addressOfModuleEnd,8)
alloc(addressOfCopy,8)
registersymbol(copyOfModule)
copyOfModule:
readmem($process,$40A000)
addressOfModuleStart:
dq $process
addressOfModuleEnd:
dq $process+getModuleSize(process)
addressOfCopy:
dq $copyOfModule
alloc(newmem6,2048,"gtutorial-x86_64.exe"+38E8F)
label(returnhere6)
label(originalcode6)
label(exit6)
newmem6:
push rax
lea rax,[r9+rcx*2]
cmp rax,[addressOfModuleStart]
jb originalcode6
cmp rax,[addressOfModuleEnd]
ja originalcode6
sub rax,[addressOfModuleStart]
add rax,[addressOfCopy]
movzx ecx,word ptr [rax]
jmp exit6
originalcode6:
movzx ecx,word ptr [r9+rcx*2]
exit6:
pop rax
jmp returnhere6
"gtutorial-x86_64.exe"+38E8F:
jmp newmem6
returnhere6:
///////////////////////////////////////////////////////////
alloc(newmem2,2048,"gtutorial-x86_64.exe"+38E4F)
label(returnhere2)
label(originalcode2)
label(exit2)
newmem2:
push rax
lea rax,[r9+rcx*2]
cmp rax,[addressOfModuleStart]
jb originalcode2
cmp rax,[addressOfModuleEnd]
ja originalcode2
sub rax,[addressOfModuleStart]
add rax,[addressOfCopy]
movzx ecx,word ptr [rax]
jmp exit2
originalcode2:
movzx ecx,word ptr [r9+rcx*2]
exit2:
pop rax
jmp returnhere2
"gtutorial-x86_64.exe"+38E4F:
jmp newmem2
returnhere2:
//////////////////////////////////////////////////////////
alloc(newmem,2048,"gtutorial-x86_64.exe"+38DFF)
label(returnhere)
label(originalcode)
label(exit)
newmem:
push rax
lea rax,[r9+rcx*2]
cmp rax,[addressOfModuleStart]
jb originalcode
cmp rax,[addressOfModuleEnd]
ja originalcode
sub rax,[addressOfModuleStart]
add rax,[addressOfCopy]
movzx ecx,word ptr [rax]
jmp exit
originalcode:
movzx ecx,word ptr [r9+rcx*2]
exit:
pop rax
jmp returnhere
"gtutorial-x86_64.exe"+38DFF:
jmp newmem
returnhere:
[DISABLE]
dealloc(newmem6)
"gtutorial-x86_64.exe"+38E8F:
movzx ecx,word ptr [r9+rcx*2]
//Alt: db 41 0F B7 0C 49
dealloc(newmem2)
"gtutorial-x86_64.exe"+38E4F:
movzx ecx,word ptr [r9+rcx*2]
//Alt: db 41 0F B7 0C 49
dealloc(newmem)
"gtutorial-x86_64.exe"+38DFF:
movzx ecx,word ptr [r9+rcx*2]
//Alt: db 41 0F B7 0C 49
dealloc(copyOfModule addressOfModuleStart addressOfModuleEnd addressOfCopy )
unregistersymbol(copyOfModule)
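From the defender's side, each of the three hooks in the script shows up as a changed instruction at a check site: the original bytes `41 0F B7 0C 49` are replaced by a `jmp`. The C code below is an added example, not part of the original description; it classifies each site in a memory image, assuming the hook is the 5-byte `jmp rel32` form (opcode `E9`), and the sample image, site offsets and function names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Original bytes of `movzx ecx,word ptr [r9+rcx*2]`, as listed in the script. */
static const uint8_t ORIG[5] = {0x41, 0x0F, 0xB7, 0x0C, 0x49};
enum site_state { SITE_INTACT, SITE_JMP_INSIDE, SITE_JMP_OUTSIDE, SITE_MODIFIED, SITE_OUT_OF_RANGE };

/* Classify one check site in an image of `size` bytes. For a jmp rel32 (E9),
   *target receives the destination as an offset from the image base. */
enum site_state classify_site(const uint8_t *img, size_t size, size_t off, int64_t *target) {
    if (off > size || size - off < sizeof ORIG) return SITE_OUT_OF_RANGE;
    if (memcmp(img + off, ORIG, sizeof ORIG) == 0) return SITE_INTACT;
    if (img[off] != 0xE9) return SITE_MODIFIED;
    /* rel32 is little-endian and relative to the end of the 5-byte jmp */
    uint32_t u = (uint32_t)img[off + 1] | (uint32_t)img[off + 2] << 8 |
                 (uint32_t)img[off + 3] << 16 | (uint32_t)img[off + 4] << 24;
    int64_t dest = (int64_t)off + 5 + (int32_t)u;
    if (target) *target = dest;
    return (dest < 0 || dest >= (int64_t)size) ? SITE_JMP_OUTSIDE : SITE_JMP_INSIDE;
}

/* Number of sites that no longer hold the original instruction. */
size_t count_tampered(const uint8_t *img, size_t size, const size_t *sites, size_t n) {
    size_t bad = 0;
    for (size_t i = 0; i < n; i++)
        if (classify_site(img, size, sites[i], NULL) != SITE_INTACT) bad++;
    return bad;
}

/* Constructed sample (not the real module): 0x100 bytes, three sites, and the
   site at 0x20 overwritten with `jmp` to 0x10000 bytes past the instruction. */
static uint8_t sample[0x100];
static const size_t SITES[3] = {0x10, 0x20, 0x30};
void build_sample(void) {
    static const uint8_t hook[5] = {0xE9, 0x00, 0x00, 0x01, 0x00};
    memset(sample, 0x90, sizeof sample);
    for (size_t i = 0; i < 3; i++) memcpy(sample + SITES[i], ORIG, sizeof ORIG);
    memcpy(sample + 0x20, hook, sizeof hook);
}

int main(void) {
    int64_t t = 0;
    build_sample();
    printf("tampered sites: %zu\n", count_tampered(sample, sizeof sample, SITES, 3));
    if (classify_site(sample, sizeof sample, 0x20, &t) == SITE_JMP_OUTSIDE)
        printf("site 0x20 jumps outside the image, to base+0x%llx\n", (long long)t);
    return 0;
}
```

A check like this only sees the hook if it reads the code bytes through its own load instruction; a read that goes through one of the redirected instructions is served from the clean copy.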
Do not forget to dealloc all addresses, I forgot to show that in the vid.
Christ can you try bypass anti hack some game online
Another good video, thanks.
You can also dealloc and unregister using an asterisk (*), so you don't have to write all the allocs / registers again; the (*) will do the job.
@belatcradus6123 yeah, only since CE 7.2 though
you also forgot to pop rax in the originalcode sections
Short Long
Finally I have Been Waiting decades for this video Thank You.
Nice video, it helped me a lot!
Thanks a lot for this video ! Really helpful content 🔥
My pleasure!
man, you're a genius lol, just donated to your Paypal, love the content. Here I am having trouble with a 2d steam game called Okinawa Rush trying to find health values and assign a countdown cheat, and you are on the next level of hacking, sheesh, I suck at this.🤣🤣🤣
Thank you so much! I'll add you to the list of Partners
Don't let your learning frustrate you, we have all been there. Come join us at our discord discord.com/invite/ndn4pqs Many great game hackers hang out there to help you and answer any question you may have. We all help each other as we learn together.
Thank you so much, I was determined to get it to finally work, I took your advice lmao lol 😆
wow thank you, now i can have fun!
nice, thanks a lot Chris
For anyone watching this in the future, this lua script can be used to get module size a bit easier.
module="YourModuleHere"
moduleBase=getAddress(module)
moduleSize=getModuleSize(module)
if moduleBase~=nil and moduleSize~= nil then
  print(string.format("%s base: %x, %s size: %u bytes", module, moduleBase, module, moduleSize))
  moduleEnd=moduleBase+moduleSize
  print(string.format("%s end: %x", module, moduleEnd))
end
Rip Chris. You will be missed.
Yes you just put the debugger on the opcode itself, to find everything that is accessing it. You can do this in the memory dump. This will show you the memory checks.
You Know What I like your thumbnail
Can you guide me how to use the ban code?
Notification squad!
Is there anything wrong with the video quality? There's only a 360p option
It's still processing, I just put it on public a little too early. Sorry about that, HD will be up shortly
@ChrisFayte thank you chris for your hard work, I can't wait to learn new things
nice work Chris
make please some trainer when you have time for game "Age of empire 4 " cr4ck is out and has big demand :)
How can I find a value while there's nothing in game that can change it?
find a changing relative value that would be in the same structure, then go play with values in the structure until you affect the one you want
I could not find the video or thread from darkbytes. Can you help me out?
thanks for the video btw.
It is in the upper right hand corner of the vid itself. czcams.com/video/bfNBBkweydc/video.html
@ChrisFayte sorry for my late response. I love your videos and thanks for the link.
Can you do a tut on "dbvm_cloak_activate" in cheat engine?
I've had trouble using dbvm on my system.
@ChrisFayte I can't believe Chris Fayte just answered my question!... Thank you so much, you have helped me a lot these past 2 years and to get a reply... wow!!!
God Bless you Chris!
Always a pleasure pal.
Yeah DBVM is a mess for me too. It's fine on Intel but unstable on AMD.
Guys, DBVM has some problems with viruslike programs, like vanguard anticheat. In my case I don't hack on valorant, but I was trying to hack on another game and vanguard was blocking dbvm, so if some of you have it installed, it may be the reason.
( I say this just in case, because dbvm has compatibility problems with a lot more things, so this is just one out of hundreds of cases. )
What language is this ?
Assembly
Unreal, it works
Long, huh? 🤔
Please can u upload war commander web game hack ☹️🥺
these are server sided values
You like pro hacking, Assembly code to change PE
Eh, Long