Game / Memory Hacking [Tut] - GNU/Linux

Users browsing this thread: 1 Guest(s)
Amzo
Members
Well, I think I'll add a little contribution here. You may or may not find this useful, but it is extremely useful for me when it comes to hacking applications, or to modify values in memory that programs may have assigned variables to that memory address.

The use of this, for what I have been using it so far, is to change the memory value for certain variables in games, such as HP, or money, lives, etc to an infinite number.

The program I use is called scanmem which can be found here. It seems as if there is a working version for FreeBSD, but I haven't tried it. scanmem uses a procfs, and FreeBSD can be setup with a procfs support, so it should work.

There are few ways to start scanmem and attach it to the pid of a program. These are three ways I have used so far:

PHP Code:
sudo scanmem pidNumber 

PHP Code:
scanmem --pid `pidof program

PHP Code:
scanmem 

The last command will enter into an interactive prompt. On this prompt to set the pid you can just type:

PHP Code:
pid progNumber 

Below I have took a screenshot of scanmem running and the program I am going to change the value for:

[Image: yy8gW.png]

In this example I am going to change my money in the pacdefence program to 1,000,000. So in out interactive prompt, we first search for the string we want to change. Currently the money variable is set at 4,000 so simply type '4000' into the prompt and let it scan.

PHP Code:
04000 

[Image: fYQwG.png]

After it finished searching, it will show you how many addresses it found containing that value.

PHP Code:
infowe currently have 195 matches.
195

So we need to change the number of the variable in our program to lower it down a bit:

[Image: RYKPo.png]

To lower the value to pinpoint the memory location of the variable that contains "Money" I used 1000 of my money in pac defence, and used:

PHP Code:
1000 

scanmem allows for arithmetic expressions for narrow down the value. You can use things such as:

PHP Code:
- + < > = =< => 

Or you can just type int he value on it's own:

PHP Code:
3000 
but if multiple address have changed to this value, it can take awhile to narrow it down. You just have to keep going until scanmem change sit by one. In some cases, programs will save the value * 8. Unlike this case pac defence saved it as plain old 4,000. Tho some programs would have the value * 8. If you failed to find it try searching for:

PHP Code:
currentValue 

E.G:

PHP Code:
4000 

which would be 32,000.

Now when we narrow it down, we can use the set command to change it to a value of our liking, in this case I will change it to 1,000,000:

PHP Code:
set 1000000 

Where 1,000,000 would be the value you like, if the program saves all variables * 8, then you'd have to times your value by 8, so in this case I would have to set it to 8,000,000. I hope you understand what I mean.

[Image: yiE2O.png]

And that is all, i hope you find this helpful, it has been really helpful for me, and it's a nice little introduction to hacking games. Enjoy.
yrmt
Grey Hair Nixers
Woah, nice contribution.
Amzo
Members
It's useful, still getting used to it, it is capable of a lot more. I was using it in warzone multiplayer to give me infinite energy. xD
yrmt
Grey Hair Nixers
Cheater! :)
Shiru
Members
Awesome. It's something I've been wanting to learn for quite a while but haven't really taken the time for. This post is a good intro.
bottomy
Registered
The one thing to note is the value you are trying to find or edit could be stored as a floating point. So if game hacking is something that's of interest, it pays to take a look into the floating point structure/how they work.

Anyway it's nice to see a tutorial like this. Though it's only scratching the surface, the next thing you might like to do is create a standalone hack for it. So for that you'll usually want to find a static address, this can either come from finding what routines are referencing/making use of that value, and then reversing those routines and determining what should be edited, or seeing if there's some data references to it (either pointer or if the value is actually located within) from one of the static sections. Though then there can sometimes be the issue of section or segment randomization, which is a whole other thing to work around :P.
Syperus
Members
Make sure you don't use the GUI, Game Conqueror. It doesn't list memory addresses that are actually there. I've had nothing but problems with the GUI. I've been memory editing for awhile now so if anyone has any questions hit me up.
FreeBSD
Long time nixers
Oh nice this is very helpful! Thanks
I do Byte