ended up writing my own thing... now it is AWESOME, why? i can just automatically place the hex digits... which makes it work on both x86 and x64 (it is awesome) it is as easy as going to an asm to hex converter, and writing a function to place those hex bytes into a byte vector, i then copy the data to my detour, and of course call the hook function and making a copy of the original code, allowing me to make an unhook function, it also nops any additional bytes by actually checking if our instruction is bigger than 5 and if it is? it will just nop them out so no need for a mangled bytes variable... yay!, i then manually write the asm code needed... and we are done, it works flawlessly, anyway... this tutorial was awesome! i learned so much... i had 0 knowledge before
Wow, your gamehacking Videos are the best i ever found .. thank you so much for this! Gonna watch them all!! Finally someone who can explain Well and talks about the concepts of gamehacking :)
Hi, excellent video, however i have a question about the first software with the printf, where did you see what was needed for the "printf" function ? I'm asking that because for example, if you reverse engineer whatever software, how do we know the parameters used for that function ? nvm i'm new so i'm sorry if my question sound a little bit dumb :D
Excellent video! I'm learning so much. I see that adding and removing the instructions misaligns the bytes in the file. Why can you not simply increase the file size and push the bytes back so they aren't affected? Will that mess up pointers and addresses?
Great video. I have two things I don't understand: What is the purpose of poping the return address at the start? Why are the instruction overwritten by the jump being pushed onto the stack instead of where the instruction pointer will be looking at?
en.wikipedia.org/wiki/Address_space_layout_randomization I didn't take good screenshots while recording. Do voice over separately and didn't want to re-record.
Wow this was a really professional and extremely informative guide! I like it! One thing to note, it would be great if you toned down the number of times you show your logo in full screen between sections. It gets extremely distracting. A wipe or dissolve may be better. I would also appreciate if you mentioned the names of the tools you were using. Lastly, why did you push the overwritten instructions to the stack during cleanup in your example patch? Wouldn't that change the stack?
@@247CTF maybe a good alternative is a sideways shift? Essentially the problem is that the full screen logo covers content and breaks trains of thought. So any way that avoids doing that would be helpful
I’m just getting started and the asm part kinda confuses me. Sorry, but apart from writing the instructions that were overwritten, what’s the reason behind the rest? Can’t I rewrite the overwritten stuff, do my code and jump back to the program’s flow? I’ve seen another hook video and that’s what he does, though yours sure looks better.
There are a number of ways to do this. When you call a function 'normally' that call will result in a 'bunch of stuff' happening (epilogue). The idea with the inline asm is to control the call, so we can access the data we want and return execution back to where we started so the program continues to function.
Brother Can you please do a code cave video on x64 games or x64 process?, because Vs does not support 64 bit asm inlineing. Very difficult to find any info on code caves with x64. Because most games now days are x64. Makes byte manipulation terrible because Cant inline it. I Can only Patch the bytes if the size don't change. I would love to see a template made just for code caves asm inline or something we can use. I really don't see how cheat engine can do the asm inline in its scripts, be nice to figure that out. Thanks bro I love your videos they are sweet.😁
![Hooking, hijacking & spying on player resource data structures [Game Hacking 101]](http://i.ytimg.com/vi/ea_gFniwWM4/mqdefault.jpg)
![Hooking, hijacking & spying on player resource data structures [Game Hacking 101]](/img/tr.png)
![Reverse engineering player structures in a game [Game Hacking 101]](http://i.ytimg.com/vi/rTBRRpc9OUk/mqdefault.jpg)
🤡🤡🤡 TFW loosing recording footage and gaining ASLR 🤡🤡🤡
is this ARM?
I really appreciate that you're talking slowly so that we can follow easily.
Thanks!
You're welcome and glad you noticed! Takes some practise!
ended up writing my own thing... now it is AWESOME, why? i can just automatically place the hex digits... which makes it work on both x86 and x64 (it is awesome) it is as easy as going to an asm to hex converter, and writing a function to place those hex bytes into a byte vector, i then copy the data to my detour, and of course call the hook function and making a copy of the original code, allowing me to make an unhook function, it also nops any additional bytes by actually checking if our instruction is bigger than 5 and if it is? it will just nop them out so no need for a mangled bytes variable... yay!, i then manually write the asm code needed... and we are done, it works flawlessly, anyway... this tutorial was awesome! i learned so much... i had 0 knowledge before
Wow, your gamehacking Videos are the best i ever found .. thank you so much for this!
Gonna watch them all!!
Finally someone who can explain Well and talks about the concepts of gamehacking :)
Glad you like them!
I miss your game hacking tutorials :(
Me too 😣
Very clear and to the point, you are a great teacher, love your style. TYVM
Thank you! 😊
Great explanation that applies to so much more than just games, ended up here while looking into the pegasus sypware and really enjoyed it! Cheers :D
Glad I could help!
Thank you a lot of this. Just got this recommended to me randomly and now I want to reverse again! Great tutorial!
Good luck!
@@247CTF thank you!!
Hi, excellent video, however i have a question about the first software with the printf, where did you see what was needed for the "printf" function ? I'm asking that because for example, if you reverse engineer whatever software, how do we know the parameters used for that function ? nvm i'm new so i'm sorry if my question sound a little bit dumb :D
I know from playing the game and guessed the format of the format specifier
Excellent video! I'm learning so much.
I see that adding and removing the instructions misaligns the bytes in the file. Why can you not simply increase the file size and push the bytes back so they aren't affected? Will that mess up pointers and addresses?
Glad it was helpful! Doing that will likely break a bunch of stuff, for example if there are absolute jumps/references to values.
Great video. I have two things I don't understand: What is the purpose of poping the return address at the start? Why are the instruction overwritten by the jump being pushed onto the stack instead of where the instruction pointer will be looking at?
The value is popped so we know where to return back to before the value is overwriten
really solid stuff!
Thanks!
Useful content, but if you use malloc, you should free the memory with free after use (9:36)
Probably should, but the OS will clean this up when the game process closes anyway
I might be late to ask this, but why is 2D = E5 at 3:53?
Good content though. Thanks.
en.wikipedia.org/wiki/Address_space_layout_randomization
I didn't take good screenshots while recording. Do voice over separately and didn't want to re-record.
Good job keep going bro, will be waiting send/recv packet tutorial ^^
Coming soon!
Wow this was a really professional and extremely informative guide! I like it! One thing to note, it would be great if you toned down the number of times you show your logo in full screen between sections. It gets extremely distracting. A wipe or dissolve may be better.
I would also appreciate if you mentioned the names of the tools you were using.
Lastly, why did you push the overwritten instructions to the stack during cleanup in your example patch? Wouldn't that change the stack?
Thanks for the feedback! Have previously been asked to not use dissolve or wipes as people don't like the "motion feeling" - can't please everyone!
@@247CTF maybe a good alternative is a sideways shift? Essentially the problem is that the full screen logo covers content and breaks trains of thought. So any way that avoids doing that would be helpful
Good video, I need help with retrieving the data with detours
Example : getting player current level or health and perform action based on it
Not sure without an example. The game hacking playlist should show you how to do something similar though.
I’m just getting started and the asm part kinda confuses me.
Sorry, but apart from writing the instructions that were overwritten, what’s the reason behind the rest? Can’t I rewrite the overwritten stuff, do my code and jump back to the program’s flow? I’ve seen another hook video and that’s what he does, though yours sure looks better.
There are a number of ways to do this. When you call a function 'normally' that call will result in a 'bunch of stuff' happening (epilogue). The idea with the inline asm is to control the call, so we can access the data we want and return execution back to where we started so the program continues to function.
Brother Can you please do a code cave video on x64 games or x64 process?, because Vs does not support 64 bit asm inlineing. Very difficult to find any info on code caves with x64. Because most games now days are x64. Makes byte manipulation terrible because Cant inline it. I Can only Patch the bytes if the size don't change. I would love to see a template made just for code caves asm inline or something we can use. I really don't see how cheat engine can do the asm inline in its scripts, be nice to figure that out. Thanks bro I love your videos they are sweet.😁
Good idea, I'll add it to the todo list! If the space is too big, you can try nop'ing it!
I am not sure but i read somewhere about a forced security thing in windows x64 that prevents execution of code in the process stack and heap.
I would also love this, im struggling lol
wololololo I love this video 🤗
😡 .. 😇
what about x64 hook tutorial?
for what you make this variable "patch_cliprgn" ?? #12:45 are u not using it =v im confuse... how your ASM code knows where he will be injected?
The value is found earlier, it's the address to be hooked
And in 64 bits?
Could ask the devs to recompile the game?
warning C4244: 'argument': conversion from 'time_t' to 'unsigned int', possible loss of data
☠️
it is a warning who cares