Memory Scanning & Resource Hacking with Cheat Engine [Game Hacking 101]
Вставка
- Опубліковано 21 сер 2024
- Learn to influence how Age of Empires works by directly finding and modifying data in the process memory by making use of Cheat Engine.
If we can find a pointer to the base address of the player object in memory, we can then dereference and follow that pointer, then once we have the dynamic location, we can follow offsets from that dynamic base address to find and modify the player's resources - an infinite resource cheat.
🎮 Game Hacking 101 Playlist ➝ • Game Hacking 101
👮 Fair use of copyrighted material in the context of Age of Empires (video game); en.wikipedia.o... / en.wikipedia.o... and Counter Strike (video game); store.steampow...
⛔ Material presented for offline learning purposes only. No content regarding modern online games or detection bypass techniques will be discussed.
🏆 The 247CTF channel is dedicated to teaching Capture The Flag fundamentals. If you want to improve your technical skills and succeed in Capture The Flag competitions, make sure to subscribe!
🏁 The 247CTF is a free Capture The Flag learning environment where you can improve your technical skills by solving challenges and recovering flags. You can join now for free at 247CTF.com/.
📺 Subscribe for more Capture The Flag videos!
🏆 Solve CTF Challenges ➝ 247CTF.com/
🐦Stay up to date ➝ / 247ctf
🥰 Support the 247CTF ➝ / 247ctf
💬 Discuss and learn ➝ / discord
📌Free flag ➝ 247CTF{9719c5ddf317154473d334f47a77ac6a}
📝 Icons made by Freepik & Monkik from Flaticon.com
🚨 247CTF’s channel videos are intended for educational purposes only. Methods and techniques discussed are not to be used for illegal activities against unauthorised systems.
![Function hooking, detours, inline asm & code caves [Game Hacking 101]](http://i.ytimg.com/vi/e4HZgx3A-wk/mqdefault.jpg)
![Function hooking, detours, inline asm & code caves [Game Hacking 101]](/img/tr.png)
![Reverse Engineering hidden game cheat codes [Game Hacking 101]](http://i.ytimg.com/vi/w7gBkVXuDSQ/mqdefault.jpg)
💰💰💰 The infinite wololololo army cannot be stopped 💰💰💰
Reminds me of the old action replay cards - you'd use a "trainer" program to find all the memory locations that had changed between two known values (i.e. starting ammo and final ammo) then use the card to manipulate those memory locations (e.g. lock the value in so that you'd have infinite ammo)
Very cool, TIL. But yes exactly the same idea. Cheat Engine also has that capability to lock the value if you press the 'X' in the far left of your cheat table.
@@247CTF very cool video series btw - keep it up!
Will do!
Thank you for this video.
It worked for Conquest Frontier Wars, in a different way though, it showed me the .DLL that were being edited :D
Thank you for this tutorial :)
This is awesome!
🔥
every time i enter one of your videos you start it by saying "in the previous video we did this..."
how many previous video i need to watch to grasp this 🤣
Fyi the game hacking playlist is ordered
thanks for ur tutorial i learnt how to get the pointers and stuff but. i have pointerscan results and they all point to ammo. even when the game resets and the pointer changes the ponterscans are still valid.
i created a program to read and write value to a memory address but the memory address needs to be manually corrected every time. idk how to automatically get the correct addresses and i’m stuck on it
Great vid. I hope I can find one for finding team flags in these games. Some are really hard to find in assembly.
What do you mean by team flags?
@247CTF I mean the flag that tells the game if you're the player or an enemy. I doubt that it would be worth a whole video, but there are some games like "Realpolitiks" 2, "8-bit armies" or I think even "Age of empires" 3, where that flag is really though to find.
It's not obfuscated. It's just that, since every player uses the same functions in the same way, the devs decide to drop that check, so if you want to distinguish e.g. does a player deal damage to the AI or an AI to the player, you can't, because the teams flag is not included in the dealDamage call as parameter.
If you read that far, thanks. It might be a cool idea to make a video of how you find the function that tells them apart, but it will be a bit more advanced than this one. I'm using cheat engine every day for the last year and I'm still not sure how to go about it, but if you can, I'd be happy to see it in a video. I can even donate $25 for the effort. Let me know if you're interested. Thanks again.
May I ask how you installed CE? I tried versions 7.3 and 7.2 and both made Windows Defender react to them. I'm kind of afraid since one one side people say it should react (which makes kind of sense) but others say it shouldn't. So did your AntiVirus go off.
Great video by the way!
If you download the binaries from the official source you *should* be fine. Defender probably classifies it as a hacking tool, which it is 😎
It's a little counter-intuitive to me that the food value is stored as a float. In game, it's displayed as an integer. How did you know to set the data type to float and not some integral type?
Good question, I agree and I'm not sure! When I can't find the value I am looking for in Cheat Engine, I usually just brute force the type until I do!
cs420 serious has a video on it I recommend you watch cs420 lol
Resource values are actually float type. But when displayed, they're rounded down to the nearest integer value, for better readability.
great job and expliccation bro, something for reveal map ?
It's in the game hacking playlist
Memory hacking in next level baddass
Multilevel->badass
dud, we were doing this on Atari back in 1987!!
I'm having issues trying to find the value for a timer. For example, I'm playing the combat mission series. I want to find the timer for how long it takes for artillery shells to fire. I can easily find the address to modify the amount of ammunition I have but I'm having issues finding the address that relates to how long it takes for the ammunition to fire. It has a 9 minute timer but I'd like to change it to 1. I've tried searching for 9 and trying to find it while it's counting down but no luck. How would you approach this scenario?
Trial and error - especially on the data type used to store the timer data. It might be stored in seconds for example, not minutes.
Thankyou for this video, very interested! Can you show me step by step when get Address of resources ingame to value base address 0x001830F4 of memory_ptr resource_hack_ptr param in code, and the offsets. In video you talk and action to fast, i can't follow. I'm newbie for this technology, and i want to practice with this game, I want get some info ingame some thing like player's civil, total gold corrected, kill/losses, win/lose ... can you give some advice?
thank in advance, and sorry for my poor English!
I have a question : Why after the first pointermap scan , you cant locate the dynamic address and its value until the second one
It's probably there, but harder to see - since lots of places have the same value we are after. The more you can refine and perform more scans, the more likely to find the real value you care about.
Age of mythology resources doesnt work the same with resources. Can you explain why? For example, if i have 250 and change to 200, it wont show up.
They might be using a different representation for the value, or it could be being masked / obfuscated (to prevent exactly what you are trying to do).
what if i change the type from 4 bytes to float and it turns into weird numbers and letters , do i change it back?
If it's the wrong type, you might need to have a few guesses or do some reverse engineering
👏🙂
💪
How can I get this game? I’d like to follow along
This same version, I don't know.. You could try assuaultcube and apply similar techniques
@@247CTF do you plan on making more game hacking videos?
u lost me at 8:00 but all good!
Start from the beginning of the series for context!
@@247CTF no addresses and Values show up HELP!!
Try governor of poker please 🙏
💀