Great video! Thanks a lot!

can you game me the link to download the file you use to hack pls. pls rep me quick

Funny story, ya don't need to use virtual alloc, u can just change the page protection type to "Page_exec_readwrite" and achieve similar results

I have software that checks for cpu temperature on the VM ! how to spoof it ?

Question, does this static address remain valid after a game fresh restart?

ended up writing my own thing... now it is AWESOME, why? i can just automatically place the hex digits... which makes it work on both x86 and x64 (it is awesome) it is as easy as going to an asm to hex converter, and writing a function to place those hex bytes into a byte vector, i then copy the data to my detour, and of course call the hook function and making a copy of the original code, allowing me to make an unhook function, it also nops any additional bytes by actually checking if our instruction is bigger than 5 and if it is? it will just nop them out so no need for a mangled bytes variable... yay!, i then manually write the asm code needed... and we are done, it works flawlessly, anyway... this tutorial was awesome! i learned so much... i had 0 knowledge before

Thank you for this video. Can you guide me some steps to read other information of the games like: kill/losses, win/lose,.. Great video by the way!

Nice video. Sharing code outside patreon would be nice

Bro, how did you manage to put the entire program on a singlr graph? It is no easy task. Please enlighten us

pretty sure i cant just watch this with zero knowledge on anything lol.

Did anyone ever notice the obfuscated cheats were from the base game? (From ancient memory it seems to align)

thanks for ur tutorial i learnt how to get the pointers and stuff but. i have pointerscan results and they all point to ammo. even when the game resets and the pointer changes the ponterscans are still valid. i created a program to read and write value to a memory address but the memory address needs to be manually corrected every time. idk how to automatically get the correct addresses and i’m stuck on it

what if i change the type from 4 bytes to float and it turns into weird numbers and letters , do i change it back?

I saw Age of Empire and reverse engineering immediately subbed❤

As an old cracker/ trainermaker : You don’t need to understand the game. You just need to know what you want to influence. Then take memory snapshots at certain stages and compare. See the changes and then go into detail. That’s trainer making Oldskool.

u think my aoe1 game is better than my aoe2 game? all ur videos is RE on aoe1

try reverse aegis

Wouldn't piggybagging on one of the existing dll's be better? So for example it probably uses winmm.dll or some d3d dll. If you put that in the same directory as the executable; it'll get loaded first. You stub/forward all the functions and put your own stuff in one of the ones that gets called. That way you don't need admin elevation to inject yourself into the other process

Hi, excellent video, however i have a question about the first software with the printf, where did you see what was needed for the "printf" function ? I'm asking that because for example, if you reverse engineer whatever software, how do we know the parameters used for that function ? nvm i'm new so i'm sorry if my question sound a little bit dumb :D

I thought windows will always give you random memory addresses, but you apply patching to the same address all the time. I don't get it.

Thankyou for this video, very interested! Can you show me step by step when get Address of resources ingame to value base address 0x001830F4 of memory_ptr resource_hack_ptr param in code, and the offsets. In video you talk and action to fast, i can't follow. I'm newbie for this technology, and i want to practice with this game, I want get some info ingame some thing like player's civil, total gold corrected, kill/losses, win/lose ... can you give some advice? thank in advance, and sorry for my poor English!

Nice tutorial !. It's possible to inject a .Net Framework DLL ?. Thx

PLS Find for me address at time 2:24

what about x64 hook tutorial?

When you find an awesome channel and they haven't uploaded in 2 years :(

i dont understand, what we are doing is reading a pointer that points to a pointer that points to a pointer and so on until the last pointer points to the actual memory adress or are we just adding the known offsets? and if thats the case, why couldnt we just store the sum of all of the offsets and add that instead of storing all of them and adding them one by one? if i press "pointer scan for this adress" and it tells me there is a base adress an then 2 offsets, offset 0 is 10 and offset 1 is 154, then what im looking for is base adress + (10 + 154) and if i go there i should find the memory location im looking for right? also when cheat engine says 10, does it mean decimal 10 or hexadecimal 10, wich would be 16?

Very interesting! Maybe you have heard that ubisoft has shut down The Crew 1, an always online racing game that has an integrated offline mode not available for normal players. Could the same or a similar method be used to make this offline mode available?

Age of mythology resources doesnt work the same with resources. Can you explain why? For example, if i have 250 and change to 200, it wont show up.

#BoycottPatreon for providing services to rashian war criminals like WarGonzo

Is it possible to do this in an online games like ragnarok online?

the process reminds me of MelonLoader, which is easier to load custom dll into a game

For anyone it might concern: if you're using WCHAR (wchar_t) type in case of unicode and you're using LoadLibraryW, then you need to use wcslen for the string length. And not only that, wcslen only returns the length in wide-char units, and since VirtualAllocEx and WriteProcessmemory expects it in byte units, you must multiply the string length by sizeof(WCHAR), which commonly is 2 bytes. TLDR; dllPathBytes = (wcslen(dllFullPath) + 1) * sizeof(WCHAR)

how can we detedt this type of vulnerabilitys on a web app using burp

I'm having issues trying to find the value for a timer. For example, I'm playing the combat mission series. I want to find the timer for how long it takes for artillery shells to fire. I can easily find the address to modify the amount of ammunition I have but I'm having issues finding the address that relates to how long it takes for the ammunition to fire. It has a 9 minute timer but I'd like to change it to 1. I've tried searching for 9 and trying to find it while it's counting down but no luck. How would you approach this scenario?

Very clear and to the point, you are a great teacher, love your style. TYVM

This is excellent and definitely more interested in a more robust DLL injection solution.

can i deal with mono.dll like you used the LoadLibraryA and run it in thread inside the target process but i will use for ex mono_get_root_domain ???

Great video. I have two things I don't understand: What is the purpose of poping the return address at the start? Why are the instruction overwritten by the jump being pushed onto the stack instead of where the instruction pointer will be looking at?

I wanna add new civs to settlers 4 not sure if that is possible but I dont even understand reverse engineering so that is the biggest barrier.

Is this technique also work on Ghidra, I'm newbie and I've been trying to reverse a game coded in C++ called Rise and Fall Civilisation at war

Hello sir AVIATOR GAME hacking videos please sir..

What program are you using scan the memory locations?

How do you locate the address of the patch without knowing it in the first place? And how do you know what values to overwrite it with to achieve the function you want?

So the most secure way is to use magic bytes?

Can this be done for Age of Empires II: The Conquerors?

i watch dll injection tutorial for "educational" purpose 😏

You have an error in your code. You should get rid of the [::-1] I will explain: In the video at 10:01 the codes(in little edian hex dump) are the following: 78 68 00 00 5f 2a 00 00 but because memory is in *little endian* , the codes are really: 6878h 2a5fh ... you copied the codes into python in little endian form(meaning, already "swapped")... This code really swaps the bytes 8:50 mov ecx, dword[....] ; *loads 6878h into ecx NOT 7868* move edx,ecx ; ditto into edx sar edx,0x8 ; now edx holds 68h mov byte[eax],dl ;68h is loaded into LOW memory inc eax ; advance memory pointer move byte[eax],cl ;78h is loaded into HIGHER memory *The value loaded into ecx is 6878h NOT 7868h, and the value written into memory pointed to by eax is 7868h NOT 6878h* You copied the codes into the python array directly from hex dump in little endian format, thus the python does not need [::-1], as you already inadvertently swapped the bytes when copying.