Vice City: Multiplayer

Off-Topic => Off-Topic General => Topic started by: EightyVice on Jun 09, 2017, 12:02 AM

Title: Injecting commands
Post by: EightyVice on Jun 09, 2017, 12:02 AM
What I mean is, if there is a game
and we want to make the player shoot from a third-party program, like if there is a button and when we press it, it makes the player shoot,
so do we change the entire function by function injection in C++,
or how?
Any ideas?
Title: Re: Injecting commands
Post by: ysc3839 on Jun 09, 2017, 12:42 AM
I don't know what you mean. Do you mean making a program to control the game?
Title: Re: Injecting commands
Post by: EightyVice on Jun 09, 2017, 01:01 AM
Quote from: ysc3839 on Jun 09, 2017, 12:42 AM
I don't know what you mean. Do you mean making a program to control the game?
Yeah, that's what I mean!
Title: Re: Injecting commands
Post by: Stormeus on Jun 09, 2017, 01:56 AM
At that point you're more or less talking about developing hacks.
Title: Re: Injecting commands
Post by: EightyVice on Jun 09, 2017, 01:57 AM
Quote from: Stormeus on Jun 09, 2017, 01:56 AM
At that point you're more or less talking about developing hacks.
lol, just for making some mods in my game and a complement to my multiplayer mod in a game called [Duke Nukem: Manhattan Project]. You made me tell the name before I release it :P
But I really need the answer because there is not any answer on Google.
Title: Re: Injecting commands
Post by: vito1 on Jun 09, 2017, 05:14 AM
VC-MP is a hack itself, it's injecting into the Vice City game.
Title: Re: Injecting commands
Post by: EK.IceFlake on Jun 09, 2017, 05:30 AM
Use a debugger, find the offset that shoots (try using breakpoints) and either jmp to it or push the current offset into the callstack and call it. Never done this before so don't know which one you'd use for this.
Title: Re: Injecting commands
Post by: EightyVice on Jun 09, 2017, 06:14 AM
Quote from: vito1 on Jun 09, 2017, 05:14 AM
vc-mp is a hack itself, its injecting in vice city game.
All multiplayer mods [those without source code] are memory hacks and network stuff.
Quote from: EK.IceFlake on Jun 09, 2017, 05:30 AM
Use a debugger, find the offset that shoots (try using breakpoints) and either jmp to it or push the current offset into the callstack and call it. Never done this before so don't know which one you'd use for this.
That seems easy to do in Cheat Engine, but the problem is injecting it in C++.
That assembly sucks xD
Title: Re: Injecting commands
Post by: Stormeus on Jun 09, 2017, 06:42 AM
Quote from: vito1 on Jun 09, 2017, 05:14 AM
vc-mp is a hack itself, its injecting in vice city game.

You're not wrong.
Title: Re: Injecting commands
Post by: EightyVice on Jun 09, 2017, 06:48 AM
Ok guys, is there a way to inject the commands or those scripts into memory, and getting the real offset is like finding a needle in the hay :v
I think we need to ask @maxorator!
Title: Re: Injecting commands
Post by: EK.IceFlake on Jun 11, 2017, 02:03 PM
Quote from: Zeyad Ahmed on Jun 09, 2017, 06:48 AM
Ok guys, is there a way to inject the commands or those scripts into memory, and getting the real offset is like finding a needle in the hay :v

I think we need to ask @maxorator!
You aren't supposed to guess the offset. You are supposed to actually find it.
Title: Re: Injecting commands
Post by: Shadow on Jun 11, 2017, 03:59 PM
There's more to it than just finding an offset. You can mirror the behaviour produced when the shooting key is pressed (trigger the same function with the same parameters) and that'd probably be the easiest way to accomplish it.
Title: Re: Injecting commands
Post by: EK.IceFlake on Jun 11, 2017, 04:10 PM
Quote from: Shadow on Jun 11, 2017, 03:59 PM
There's more to it than just finding an offset. You can mirror the behaviour produced when the shooting key is pressed (trigger the same function with the same parameters) and that'd probably be the easiest way to accomplish it.
Do you know how to use a debugger to find out the address of the function where you are supposed to jmp to? I tried using a debugger today and didn't understand it at all.
Title: Re: Injecting commands
Post by: Shadow on Jun 11, 2017, 05:14 PM
I don't think I'm supposed to talk about stuff like this since it could easily lead to development of hacks, but there are numerous sites that explain things like this on the internet, I'm sure you'll find the answer if you dig deep enough.
Title: Re: Injecting commands
Post by: EightyVice on Jun 11, 2017, 05:23 PM
@EK.IceFlake I used IDA but I can't even get the address
Quote from: Shadow on Jun 11, 2017, 05:14 PM
I don't think I'm supposed to talk about stuff like this since it could easily lead to development of hacks, but there are numerous sites that explain things like this on the internet, I'm sure you'll find the answer if you dig deep enough.
Well, YouTube is filled up with useless videos only for game health and so on, but for injecting a function I didn't find anything. I spent 3 weeks on that, no hope.
I thought the VCMP forum would help, you know why? And you too, Shadow.
Title: Re: Injecting commands
Post by: Shadow on Jun 11, 2017, 05:39 PM
This is a delicate subject that I am not willing to talk more about because it could lead to development of even more hacks (and I know how much Stormeus hates to patch exploits that lead to hacks such as the F1 hack...). There are forums dedicated to modding. Learn assembly and reverse engineering should you attempt anything.
Title: Re: Injecting commands
Post by: EK.IceFlake on Jun 11, 2017, 06:20 PM
Quote from: Shadow on Jun 11, 2017, 05:39 PM
This is a delicate subject that I am not willing to talk more about because it could lead to development of even more hacks
Because of a few evil people, all of us have to suffer. There is harm in it but the good is greater than the harm.

Quote from: Shadow on Jun 11, 2017, 05:39 PM
There are forums dedicated to modding. Learn assembly and reverse engineering shall you attempt anything.
The problem is that most people have a similar attitude and there isn't really anywhere we can learn about it.



I'll see what I can find on Youtube and the likes.
Title: Re: Injecting commands
Post by: KAKAN on Jun 12, 2017, 04:25 AM
Seriously, you guys search them on Youtube?
Title: Re: Injecting commands
Post by: EK.IceFlake on Jun 12, 2017, 06:03 AM
Quote from: KAKAN on Jun 12, 2017, 04:25 AM
Seriously, you guys search them on Youtube?
What are you referring to by "them"? I'm talking about how to use a debugger.
Title: Re: Injecting commands
Post by: maxorator on Jun 12, 2017, 01:15 PM
General debugging, reverse engineering and modding talk is okay. There's no point trying to limit it here as there are many places to find information about it. And it is good that this information is easily accessible as modding is something that should be encouraged.

Specific details about modding Vice City are also acceptable as long as the information is not specifically focused on providing easy copy-pasteable hacks (offsets to health, armor, places to NOP to disable all damage, etc).

However, if you're interested in these topics you should probably visit GTAForums&co just because they have a lot of content about it and a lot of people who deal with it (maybe not with VC so much anymore though).

As for VC:MP-specific reverse engineering, I would rather not have people share many details about it here. If you are developing some modification for your own personal use (which is fine as long as you don't use it on other people's servers), then you should already be proficient enough in reverse engineering and modding beforehand anyway to find functions and offsets on your own. Only the offsets and function locations are not enough to make anything of value anyway, so without general reverse engineering and programming skills you can't really make anything more than simple hacks or small visual changes anyway.

Sharing anything related to changing VC:MP visually on your side only (colors, graphics quality, etc) is totally fine though, unless of course the purpose is to see more than you are supposed to see.
Title: Re: Injecting commands
Post by: EightyVice on Jun 12, 2017, 05:24 PM
Quote from: maxorator on Jun 12, 2017, 01:15 PM
General debugging, reverse engineering and modding talk is okay. There's no point trying to limit it here as there are many places to find information about it. And it is good that this information is easily accessible as modding is something that should be encouraged.

Specific details about modding Vice City is also acceptable as long as the information is not specifically focused on providing easy copy-pasteable hacks (offsets to health, armor, places to NOP to disable all damage, etc).

However, if you're interested in these topics you should probably visit GTAForums&co just because they have a lot of content about it and a lot of people who deal with it (maybe not with VC so much anymore though).

As for VC:MP-specific reverse engineering, I would rather not have people share much details about it here. If you are developing some modification for your own personal use (which is fine as long as you don't use it on other people's servers), then you should already be proficient enough in reverse engineering and modding beforehand anyway to find functions and offsets on your own. Only the offsets and function locations are not enough to make anything of value anyway, so without general reverse engineering and programming skills you can't really make anything more than simple hacks or small visual changes anyway.

Sharing anything related to changing VC:MP visually on your side only (colors, graphics quality, etc) is totally fine though, unless of course the purpose is to see more than you are supposed to see.
What can I say, thank you, I was waiting for your reply.
The programming skills are good for making such a big mod, but in reverse engineering I should start.
On GTAForums there was a guy who told me that you are a pr0 reverse engineer anyway.
What programs do you suggest I use?
Is there any way to make an NPC shoot? Can I get an address for that, or do I change the entire functions? That seems like hell.
Do we debug the game exe or the main DLL?
(All those questions are not about GTA VC, it's another game)
You made my day ;D
Title: Re: Injecting commands
Post by: EK.IceFlake on Jun 12, 2017, 05:29 PM
Quote from: maxorator on Jun 12, 2017, 01:15 PM
General debugging, reverse engineering and modding talk is okay. There's no point trying to limit it here as there are many places to find information about it. And it is good that this information is easily accessible as modding is something that should be encouraged.

Specific details about modding Vice City is also acceptable as long as the information is not specifically focused on providing easy copy-pasteable hacks (offsets to health, armor, places to NOP to disable all damage, etc).

However, if you're interested in these topics you should probably visit GTAForums&co just because they have a lot of content about it and a lot of people who deal with it (maybe not with VC so much anymore though).

As for VC:MP-specific reverse engineering, I would rather not have people share much details about it here. If you are developing some modification for your own personal use (which is fine as long as you don't use it on other people's servers), then you should already be proficient enough in reverse engineering and modding beforehand anyway to find functions and offsets on your own. Only the offsets and function locations are not enough to make anything of value anyway, so without general reverse engineering and programming skills you can't really make anything more than simple hacks or small visual changes anyway.

Sharing anything related to changing VC:MP visually on your side only (colors, graphics quality, etc) is totally fine though, unless of course the purpose is to see more than you are supposed to see.
Agreed.

Security through obscurity is worse than no security.

Anyways, the reason why I wanted to know this is mainly due to humans' nature to seek knowledge since I don't like knowing things I don't know about and also because I want to create a multiplayer modification for educational purposes.
Title: Re: Injecting commands
Post by: Mötley on Jun 12, 2017, 05:35 PM
The only thing I got off of this is a text injector.

Some program with hotkeys, Like 'F5', '1'.

F5 might enforce the automatically inputted key in game t/login [yoursecretepassword]

The user could press enter.

1 might be t/vehicle [somefavoriteVehID]

If you were thinking of something like this you could ask your favorite server owner to build a specialty program for their server commands.

From replacing the programs default password with the F5 key, To modifying the /vehicle [id].

Not saying you would do a login like that. Only specialty stuff. Didn't read the other posts :P
Title: Re: Injecting commands
Post by: EightyVice on Jun 13, 2017, 05:21 AM
I got that static address ntdll.dll+DE410
What is the address of ntdll.dll, how can I find it?
Title: Re: Injecting commands
Post by: ysc3839 on Jun 13, 2017, 08:03 AM
Quote from: Zeyad Ahmed on Jun 13, 2017, 05:21 AM
I got that static address ntdll.dll+DE410
What is the address of ntdll.dll, how can I find it?
Maybe you are wrong. ntdll.dll is a system DLL.
You can use GetModuleHandle("ntdll.dll") to get its base address.
Title: Re: Injecting commands
Post by: EightyVice on Jun 13, 2017, 08:26 AM
Quote from: ysc3839 on Jun 13, 2017, 08:03 AM
Quote from: Zeyad Ahmed on Jun 13, 2017, 05:21 AM
I got that static address ntdll.dll+DE410
What is the address of ntdll.dll, how can I find it?
Maybe you are wrong. ntdll.dll is a system DLL.
You can use GetModuleHandle("ntdll.dll") to get its base address.
Yeah, sorry,
it was duke_base.dll anyway.
There are some problems, like getting the base addresses; as I said, it's like finding a needle in the hay!
Even YouTube tuts don't help!
Is it easy to find a memory hacker to team up with?
:v like how VCMP has a team and so on ;v
Title: Re: Injecting commands
Post by: EK.IceFlake on Jun 13, 2017, 09:47 AM
I hacked vcmp-game.dll and made it reconnect me when I get kicked :)
The no-reconnect-after-kick was a feature I always hated anyways.
(no, I haven't given the patched DLL to anyone)

Took about 2 hours of searching good tutorials on youtube, about 1 hour of watching a tutorial I found to be quite informative, about 10 minutes doing what the tutorial told me to do, about 30 minutes to switch to and get familiar with x64dbg, about 30 more minutes to make it reconnect me after I get kicked and about 5 minutes of figuring out how to save the modified file. A grand total of about 255 minutes.
Title: Re: Injecting commands
Post by: . on Jun 14, 2017, 05:14 PM
Somehow I don't think anyone in this topic actually knows what's the point of it. Probably because the OP failed to be a bit more explicit about what he meant with certain terms that he used. This topic went from an ambiguous question to a debate on ethics.

What do you mean by "command"? Actually, scratch that. What do you think a command really is? I mean. It's just baffling to me that everything here seems to be about commands. Yes, you command the computer to do a lot of things. But I don't think you meant it in that sense. So what do you really mean when you say "command"? Can you define it? Can you describe it? Because there's a lot of ambiguity here.


Can you describe the actual process that you intend to understand by asking this question? Let us figure the main point of this question and then proceed to ethics and actually see if there's even an answer to this crap.

Why do you people always have to be so ambiguous? When you do that, you only prove that you don't know what you want. And the whole topic turns into this off-topic sh!t.

From what I could gather so far is that you want to make a bot that controls the player so you don't have to.
Title: Re: Injecting commands
Post by: EightyVice on Jun 14, 2017, 06:30 PM
Quote from: . on Jun 14, 2017, 05:14 PM
Somehow I don't think anyone in this topic actually knows what's the point of it. Probably because the OP failed to be a bit more explicit about what he meant with certain terms that he used. This topic went from an ambiguous question to a debate on ethics.

What do you mean by "command"? Actually, scratch that. What do you think a command really is? I mean. It's just baffling to me that everything here seems to be about commands. Yes, you command the computer to do a lot of things. But I don't think you meant it in that sense. So what do you really mean when you say "command"? Can you define it? Can you describe it? Because there's a lot of ambiguity here.

  • I want to inject Squirrel code from a third party application. So, according to this. Squirrel code is just a command? Again, proves how little homework you've done before asking the question.
  • I want to inject assembly code that modifies the game logic from a third party application. So, according to this. Assembly code in your computer is just a bunch of commands? (technically yes. they're commands to the CPU. but again, I doubt you meant it in that sense)
  • So what in the actual f* do you mean with "command"? "commands" here, "commands" there. What kind of commands we're talking about?

Can you describe the actual process that you intend to understand by asking this question? Let us figure the main point of this question and then proceed to ethics and actually see if there's even an answer to this crap.

Why do you people always have to be so ambiguous? When you do that, you only prove that you don't know what you want. And the whole topic turns into this off-topic sh!t.

From what I could gather so far is that you want to make a bot that controls the player so you don't have to.
Yeah, injecting assembly code!
OK.
There is a game called Duke Nukem: Manhattan Project. I can spawn another player, but when the main player gets a jetpack the other one gets it too. I want to know how to inject assembly code into the game that makes the NPC, or the other spawned player that I can't control, shoot and move to specific coordinates.
What I want is an example of the assembly code that can be injected to do that, and how, and so on!
Title: Re: Injecting commands
Post by: . on Jun 14, 2017, 06:38 PM
Well, in that case we're indeed talking about bots. So we really do need to get into ethics because... cheating. Regardless of how you look at it, that information leads straight to cheating. Definitely not you, I mean, you probably won't get any further than copying that example. Let alone compiling it, injecting it and maintaining it (updating offsets and adjusting for changes after each update).

At which point this topic does (or will) represent an "issue" to the developers. No matter how nice and OK they seem to be with it now. We're going to reach that point where they'll need to deal with it in a less than friendly manner.
Title: Re: Injecting commands
Post by: EK.IceFlake on Jun 14, 2017, 07:38 PM
Quote from: . on Jun 14, 2017, 06:38 PM
Well, in that case we're indeed talking about bots. So we really do need to get into ethics because... cheating. Regardless of how you look at it, that information leads straight to cheating. Definitely not you, I mean, you probably won't get any further than copying that example. Let alone compiling it, injecting it and maintaining it (updating offsets and adjusting for changes after each update).

At which point this topic does (or will) represent an "issue" to the developers. No matter how nice and OK they seem to be with it now. We're going to reach that point where they'll need to deal with it in a less than friendly manner.
While the developers do the exact same thing all day long (<<< exaggerated), right?
Title: Re: Injecting commands
Post by: EightyVice on Jun 16, 2017, 05:58 AM
OK, there is a small script to set the health value to 100
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)

newmem: //this is allocated memory, you have read,write,execute access
//place your code here
mov [edx],#100
originalcode:
//mov [edx],ax
mov eax,[esi+0000111C]

exit:
jmp returnhere

"duke_base.dll"+793A3:
jmp newmem
nop
nop
nop
nop
returnhere:


 
 
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
"duke_base.dll"+793A3:
mov [edx],ax
mov eax,[esi+0000111C]
//Alt: db 66 89 02 8B 86 1C 11 00 00
Where are the offsets and addresses? Is the offset 793A3?
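Added example, not part of the original post or of any project discussed in this thread: the script above overwrites the 9 bytes at "duke_base.dll"+793A3 with a 5-byte jmp and four nops, which is exactly what a code-integrity check looks for. The C sketch below classifies such a site against the original bytes from the script's "//Alt: db" line; the site address, the jump target and the sample buffers are constructed values.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Original bytes at the patch site, from the script's "//Alt: db" line:
 *   66 89 02             mov [edx],ax
 *   8B 86 1C 11 00 00    mov eax,[esi+0000111C]                        */
static const uint8_t EXPECTED[9] = {0x66,0x89,0x02,0x8B,0x86,0x1C,0x11,0x00,0x00};

/* Constructed samples: the module is assumed loaded at 0x10000000, so the
 * site is at 0x100793A3; the jmp is assumed to land at 0x02A50000.      */
static const uint32_t SAMPLE_SITE_VA = 0x100793A3u;
static const uint8_t SAMPLE_PATCHED[9] = {0xE9,0x58,0x6C,0x9D,0xF2,0x90,0x90,0x90,0x90};
static const uint8_t SAMPLE_NOPPED[9]  = {0x90,0x90,0x90,0x8B,0x86,0x1C,0x11,0x00,0x00};

enum site_state { SITE_INTACT, SITE_DETOURED, SITE_MODIFIED };

struct site_report {
    enum site_state state;
    size_t   first_diff;   /* index of first differing byte, len if none */
    uint32_t jmp_target;   /* meaningful only when SITE_DETOURED          */
    size_t   nop_padding;  /* NOP bytes following the jmp                 */
};

/* Compare the bytes currently at a code site with the expected ones and,
 * if they differ, recognise the "E9 rel32 + NOP padding" detour pattern. */
static struct site_report check_site(const uint8_t *cur, const uint8_t *expected,
                                     size_t len, uint32_t site_va)
{
    struct site_report r = { SITE_INTACT, len, 0, 0 };
    size_t i;

    for (i = 0; i < len; i++) {
        if (cur[i] != expected[i]) { r.first_diff = i; break; }
    }
    if (r.first_diff == len)
        return r;                         /* byte-for-byte identical */

    r.state = SITE_MODIFIED;
    if (len >= 5 && cur[0] == 0xE9 && expected[0] != 0xE9) {
        /* rel32 is little-endian and relative to the end of the jmp. */
        uint32_t rel = (uint32_t)cur[1] | ((uint32_t)cur[2] << 8) |
                       ((uint32_t)cur[3] << 16) | ((uint32_t)cur[4] << 24);
        r.state = SITE_DETOURED;
        r.jmp_target = site_va + 5u + rel;   /* wraps modulo 2^32 */
        for (i = 5; i < len && cur[i] == 0x90; i++)
            r.nop_padding++;
    }
    return r;
}

int main(void)
{
    static const char *names[] = { "intact", "detoured", "modified" };
    const uint8_t *samples[] = { EXPECTED, SAMPLE_PATCHED, SAMPLE_NOPPED };
    size_t i;

    for (i = 0; i < 3; i++) {
        struct site_report r = check_site(samples[i], EXPECTED,
                                          sizeof EXPECTED, SAMPLE_SITE_VA);
        printf("sample %u: %s", (unsigned)i, names[r.state]);
        if (r.state == SITE_DETOURED)
            printf(", jmp -> 0x%08X, %u NOPs", (unsigned)r.jmp_target,
                   (unsigned)r.nop_padding);
        printf("\n");
    }
    return 0;
}
```

A jump target that falls outside every loaded module's image range, as the constructed one does here, is the usual sign that the detour leads into separately allocated memory.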
Title: Re: Injecting commands
Post by: EightyVice on Jun 16, 2017, 06:01 AM
Sorry for the double post, it was a server timeout problem.
Title: Re: Injecting commands
Post by: EK.IceFlake on Jun 16, 2017, 07:41 AM
Quote from: Zeyad Ahmed on Jun 16, 2017, 05:58 AM
OK, there is a small script to set the health value to 100
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)

newmem: //this is allocated memory, you have read,write,execute access
//place your code here
mov [edx],#100
originalcode:
//mov [edx],ax
mov eax,[esi+0000111C]

exit:
jmp returnhere

"duke_base.dll"+793A3:
jmp newmem
nop
nop
nop
nop
returnhere:


 
 
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
"duke_base.dll"+793A3:
mov [edx],ax
mov eax,[esi+0000111C]
//Alt: db 66 89 02 8B 86 1C 11 00 00
Where are the offsets and addresses? Is the offset 793A3?
Quote from: . on Jun 14, 2017, 06:38 PM
Definitely not you, I mean, you probably won't get any further than copying that example. Let alone compiling it, injecting it and maintaining it (updating offsets and adjusting for changes after each update).
Title: Re: Injecting commands
Post by: EightyVice on Jun 16, 2017, 07:52 AM
Quote from: EK.IceFlake on Jun 16, 2017, 07:41 AM
Quote from: Zeyad Ahmed on Jun 16, 2017, 05:58 AM
OK, there is a small script to set the health value to 100
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)

newmem: //this is allocated memory, you have read,write,execute access
//place your code here
mov [edx],#100
originalcode:
//mov [edx],ax
mov eax,[esi+0000111C]

exit:
jmp returnhere

"duke_base.dll"+793A3:
jmp newmem
nop
nop
nop
nop
returnhere:


 
 
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
"duke_base.dll"+793A3:
mov [edx],ax
mov eax,[esi+0000111C]
//Alt: db 66 89 02 8B 86 1C 11 00 00
Where are the offsets and addresses? Is the offset 793A3?
Quote from: . on Jun 14, 2017, 06:38 PM
Definitely not you, I mean, you probably won't get any further than copying that example. Let alone compiling it, injecting it and maintaining it (updating offsets and adjusting for changes after each update).
I didn't understand?! What does SLC mean?
Title: Re: Injecting commands
Post by: EK.IceFlake on Jun 16, 2017, 11:00 AM
Quote from: Zeyad Ahmed on Jun 16, 2017, 07:52 AM
Quote from: EK.IceFlake on Jun 16, 2017, 07:41 AM
Quote from: Zeyad Ahmed on Jun 16, 2017, 05:58 AM
OK, there is a small script to set the health value to 100
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)

newmem: //this is allocated memory, you have read,write,execute access
//place your code here
mov [edx],#100
originalcode:
//mov [edx],ax
mov eax,[esi+0000111C]

exit:
jmp returnhere

"duke_base.dll"+793A3:
jmp newmem
nop
nop
nop
nop
returnhere:


 
 
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
"duke_base.dll"+793A3:
mov [edx],ax
mov eax,[esi+0000111C]
//Alt: db 66 89 02 8B 86 1C 11 00 00
Where are the offsets and addresses? Is the offset 793A3?
Quote from: . on Jun 14, 2017, 06:38 PM
Definitely not you, I mean, you probably won't get any further than copying that example. Let alone compiling it, injecting it and maintaining it (updating offsets and adjusting for changes after each update).
I didn't understand?! What does SLC mean?
The potential hacker thing doesn't apply to you because all you can do is copy it. You will not be able to progress any further.
Title: Re: Injecting commands
Post by: EightyVice on Jun 16, 2017, 06:06 PM
Quote from: EK.IceFlake on Jun 16, 2017, 11:00 AM
Quote from: Zeyad Ahmed on Jun 16, 2017, 07:52 AM
Quote from: EK.IceFlake on Jun 16, 2017, 07:41 AM
Quote from: Zeyad Ahmed on Jun 16, 2017, 05:58 AM
OK, there is a small script to set the health value to 100
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)

newmem: //this is allocated memory, you have read,write,execute access
//place your code here
mov [edx],#100
originalcode:
//mov [edx],ax
mov eax,[esi+0000111C]

exit:
jmp returnhere

"duke_base.dll"+793A3:
jmp newmem
nop
nop
nop
nop
returnhere:


 
 
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
"duke_base.dll"+793A3:
mov [edx],ax
mov eax,[esi+0000111C]
//Alt: db 66 89 02 8B 86 1C 11 00 00
Where are the offsets and addresses? Is the offset 793A3?
Quote from: . on Jun 14, 2017, 06:38 PM
Definitely not you, I mean, you probably won't get any further than copying that example. Let alone compiling it, injecting it and maintaining it (updating offsets and adjusting for changes after each update).
I didn't understand?! What does SLC mean?
The potential hacker thing doesn't apply to you because all you can do is copy it. You will not be able to progress any further.
He means that I will not understand? Maybe I can improve the example?
I came here for an answer!