Game Hacking Stuff
Some of the projects I have been working on involve external and internal game hacking. Game hacking is a constant cat-and-mouse game between cheat developers and game developers.
One of the more recent things being added to some of these games is pointer encryption. This isn't a problem for someone working internally (code directly mapped into the target process), since they can simply call the game's own decryption function.
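To make concrete what "pointer encryption" means here, the following is an added illustration (not code from the post or from any game): a minimal encode/decode pair of the XOR-and-rotate kind, with a process secret that is a constructed constant so the example runs stand-alone. The point for both sides is the same: the decode routine necessarily ships inside the binary, so the scheme hides pointers from a casual memory read but is not a cryptographic barrier.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed per-process secret; a real implementation would generate it at
   startup rather than hard-code it. */
static const uint64_t kProcessSecret = 0x5A3C9E17B2D48F61ULL;

static uint64_t rotl64(uint64_t v, unsigned n) {
    n &= 63;
    return n ? (v << n) | (v >> (64 - n)) : v;
}

static uint64_t rotr64(uint64_t v, unsigned n) {
    n &= 63;
    return n ? (v >> n) | (v << (64 - n)) : v;
}

/* Encode: XOR with the secret, then rotate by a secret-derived amount. */
uint64_t encode_ptr(uint64_t p) {
    return rotl64(p ^ kProcessSecret, (unsigned)(kProcessSecret & 63));
}

/* Decode: the exact inverse. Because this routine lives in the game's own code,
   anything that can read and emulate that code can apply it as well. */
uint64_t decode_ptr(uint64_t e) {
    return rotr64(e, (unsigned)(kProcessSecret & 63)) ^ kProcessSecret;
}

typedef struct { uint64_t encoded_next; int value; } Node;

/* Internal code path: code running inside the process just calls decode_ptr. */
int read_via_encoded_pointer(const Node *n) {
    const Node *target = (const Node *)(uintptr_t)decode_ptr(n->encoded_next);
    return target->value;
}

int main(void) {
    Node b = { 0, 42 };
    Node a = { encode_ptr((uint64_t)(uintptr_t)&b), 1 };
    printf("raw=%p encoded=0x%016llx decoded=%p value=%d\n",
           (void *)&b, (unsigned long long)a.encoded_next,
           (void *)(uintptr_t)decode_ptr(a.encoded_next),
           read_via_encoded_pointer(&a));
    return 0;
}
```

The encoded value stored in `a.encoded_next` looks nothing like an address, which is what defeats naive "scan for pointers to X" approaches; the rest of the post is about the external case, where you cannot call `decode_ptr` directly and have to reproduce its effect yourself.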
For an external approach (reading and writing virtual memory from outside the target process), it gets a bit trickier. One of the ways I tackled this is by using a disassembler and a CPU emulator.
The disassembler decodes the instruction at the address you give it, telling you what is being done at that address.
The CPU emulator lets you copy any number of instructions into your own address space and execute them there; most emulators let you set a callback to service any reads those instructions make from the target process's memory.
So we can use pattern scanning (searching the target process for an array of bytes) to find the start and end of the stub we want to emulate. The library I like to use is made by Bitdefender; it is extremely lightweight for what it does.
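Pattern scanning itself is plain signature matching with wildcards, the same primitive memory-forensics tools and anti-cheat scanners use to locate code. The following is an added example, not code from the post or from bddisasm: it parses an IDA-style pattern string (two hex digits per byte, `??` for a wildcard) and scans a constructed byte buffer for it. The sample bytes and the pattern are made up for the example; the wildcarded part is the 4-byte displacement, which is what typically changes between builds.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Parse a pattern such as "48 8B 05 ?? ?? ?? ?? 48 85 C0" into bytes plus a
   mask (1 = must match, 0 = wildcard). Returns the pattern length, or 0 if the
   string is malformed or longer than max. */
size_t parse_pattern(const char *pat, uint8_t *out, uint8_t *mask, size_t max) {
    size_t n = 0;
    while (*pat) {
        while (*pat == ' ') pat++;
        if (!*pat) break;
        if (n >= max) return 0;
        if (pat[0] == '?') {
            mask[n] = 0; out[n] = 0;
            pat += (pat[1] == '?') ? 2 : 1;
        } else {
            char hex[3] = { pat[0], pat[1], 0 };
            char *end;
            unsigned long v = strtoul(hex, &end, 16);
            if (end != hex + 2) return 0;   /* not two hex digits */
            out[n] = (uint8_t)v; mask[n] = 1;
            pat += 2;
        }
        n++;
    }
    return n;
}

/* Scan buf for the first occurrence of the masked pattern.
   Returns the byte offset, or -1 if absent or the pattern is invalid. */
long pattern_scan(const uint8_t *buf, size_t len, const char *pat) {
    uint8_t bytes[64], mask[64];
    size_t plen = parse_pattern(pat, bytes, mask, sizeof bytes);
    if (plen == 0 || plen > len) return -1;
    for (size_t i = 0; i + plen <= len; i++) {
        size_t j = 0;
        while (j < plen && (!mask[j] || buf[i + j] == bytes[j])) j++;
        if (j == plen) return (long)i;
    }
    return -1;
}

/* Constructed sample "memory": filler, then a RIP-relative load followed by a
   test/branch. Only the displacement bytes are build-specific. */
static const uint8_t kSample[] = {
    0x90, 0x90, 0xCC, 0x90,
    0x48, 0x8B, 0x05, 0x10, 0x20, 0x30, 0x00,   /* mov rax, [rip+0x302010] */
    0x48, 0x85, 0xC0,                           /* test rax, rax */
    0x74, 0x05, 0x90                            /* je +5; nop */
};

int main(void) {
    long off = pattern_scan(kSample, sizeof kSample,
                            "48 8B 05 ?? ?? ?? ?? 48 85 C0");
    printf("match at offset %ld\n", off);
    return 0;
}
```

In practice the buffer would be a region read from the target, and the start and end of the stub would be two such matches; a scanner that requires a unique match (and rejects a pattern that hits more than once) is worth the extra loop, since a false positive here silently emulates the wrong code.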
bitdefender library (bddisasm/bdshemu)
Some examples of the encryption routines used by AAA games and how we tackle them