Function hooking, detours, inline asm & code caves [Game Hacking 101]

33,931 views

247CTF

1 day ago

Our game hacking binary patching approach so far has been focused on making small changes to the way that the game works. But what happens if we want to do something which takes up more space than we actually have available to us?
🎮 Game Hacking 101 Playlist ➝ • Game Hacking 101
👮 Fair use of copyrighted material in the context of Age of Empires (video game); en.wikipedia.o...
⛔ Material presented for offline learning purposes only. No content regarding modern online games or detection bypass techniques will be discussed.
🏆 The 247CTF channel is dedicated to teaching Capture The Flag fundamentals. If you want to improve your technical skills and succeed in Capture The Flag competitions, make sure to subscribe!
🏁 The 247CTF is a free Capture The Flag learning environment where you can improve your technical skills by solving challenges and recovering flags. You can join now for free at 247CTF.com/.
📺 Subscribe for more Capture The Flag videos!
🏆 Solve CTF Challenges ➝ 247CTF.com/
🐦Stay up to date ➝ / 247ctf
🥰 Support the 247CTF ➝ / 247ctf
💬 Discuss and learn ➝ / discord
📌Free flag ➝ 247CTF{9719c5ddf317154473d334f47a77ac6a}
📝 Icons made by Freepik & Monkik from Flaticon.com
🚨 247CTF’s channel videos are intended for educational purposes only. Methods and techniques discussed are not to be used for illegal activities against unauthorised systems.

Comments: 51
@247CTF 3 years ago
🤡🤡🤡 TFW losing recording footage and gaining ASLR 🤡🤡🤡
@puntangerslx2772 1 year ago
is this ARM?
@Kaichiing 3 years ago
Wow, your game hacking videos are the best I've ever found.. thank you so much for this! Gonna watch them all!! Finally someone who can explain well and talks about the concepts of game hacking :)
@247CTF 3 years ago
Glad you like them!
@gameplayoffert1326 2 months ago
Hi, excellent video, however I have a question about the first software with the printf: where did you see what was needed for the "printf" function? I'm asking because, for example, if you reverse engineer whatever software, how do we know the parameters used for that function? Nvm, I'm new so I'm sorry if my question sounds a little bit dumb :D
@247CTF 2 months ago
I know from playing the game and guessed the format of the format specifier
@hodayfa000h 16 hours ago
Ended up writing my own thing... now it is AWESOME, why? I can just automatically place the hex digits... which makes it work on both x86 and x64 (it is awesome). It is as easy as going to an asm to hex converter and writing a function to place those hex bytes into a byte vector. I then copy the data to my detour, and of course call the hook function and make a copy of the original code, allowing me to make an unhook function. It also nops any additional bytes by actually checking if our instruction is bigger than 5, and if it is? It will just nop them out, so no need for a mangled bytes variable... yay! I then manually write the asm code needed... and we are done, it works flawlessly. Anyway... this tutorial was awesome! I learned so much... I had 0 knowledge before
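As an added example (not code from the video or from 247CTF), this is the integrity check a defender or a reader of the tutorial would write to recognise the patch described in the comment above: it compares a function's first bytes with a copy saved before patching, decodes a planted 5-byte JMP rel32 to its code-cave target, counts the NOP padding behind it, and computes from a disassembler's instruction lengths how many bytes such a patch must pad so it ends on an instruction boundary. The prologue bytes, the addresses 0x00401000 / 0x00405000 and the instruction lengths are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* What an integrity check finds in the first bytes of a function. */
typedef struct {
    int hooked;           /* 1 if byte 0 is E9 (JMP rel32), the 5-byte detour the comment describes */
    uintptr_t target;     /* absolute destination of that JMP (valid only if hooked) */
    size_t nop_padding;   /* 0x90 bytes following the JMP up to the next intact instruction */
    int matches_original; /* 1 if the bytes still equal the copy saved before patching */
} hook_report;

/* Compare `len` bytes of `code` (loaded at address `base`) with the saved prologue `orig`. */
hook_report inspect_prologue(const uint8_t *code, size_t len, uintptr_t base,
                             const uint8_t *orig, size_t orig_len)
{
    hook_report r = {0};
    r.matches_original = (orig_len <= len && memcmp(code, orig, orig_len) == 0);
    if (len >= 5 && code[0] == 0xE9) {
        int32_t rel;
        memcpy(&rel, code + 1, sizeof rel);               /* rel32 is little-endian and signed */
        r.hooked = 1;
        r.target = base + 5 + (uintptr_t)(intptr_t)rel;  /* target = address after the JMP + rel32 */
        for (size_t i = 5; i < len && code[i] == 0x90; i++)
            r.nop_padding++;
    }
    return r;
}

/* Given the instruction lengths of a prologue (as a disassembler reports them), return how
   many bytes past the 5-byte JMP must be NOP-padded so the patch ends on an instruction
   boundary; (size_t)-1 means the prologue is shorter than 5 bytes and cannot take the JMP. */
size_t jmp5_nop_padding(const uint8_t *insn_lens, size_t n)
{
    size_t covered = 0;
    for (size_t i = 0; i < n && covered < 5; i++)
        covered += insn_lens[i];
    return covered >= 5 ? covered - 5 : (size_t)-1;
}

/* Constructed sample: a 32-bit prologue (push ebp; mov ebp,esp; sub esp,8; push ebx; push esi)
   at 0x00401000, and the same bytes after a detour to a code cave at 0x00405000
   (rel32 = 0x405000 - 0x401005 = 0x3FFB; the 6th byte of `sub esp,8` became a NOP). */
static const uint8_t ORIG_PROLOGUE[]      = {0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x08, 0x53, 0x56};
static const uint8_t HOOKED_PROLOGUE[]    = {0xE9, 0xFB, 0x3F, 0x00, 0x00, 0x90, 0x53, 0x56};
static const uint8_t PROLOGUE_INSN_LENS[] = {1, 2, 3, 1, 1};
```

The same check works for an x64 process, since `E9 rel32` is a 5-byte instruction there too; a 64-bit patcher that needs a target farther than 2 GiB away would use a different, longer sequence that this routine does not decode.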
@turboimport95 2 years ago
Brother, can you please do a code cave video on x64 games or x64 processes? Because VS does not support 64-bit asm inlining. Very difficult to find any info on code caves with x64, because most games nowadays are x64. Makes byte manipulation terrible because I can't inline it. I can only patch the bytes if the size doesn't change. I would love to see a template made just for code cave asm inline or something we can use. I really don't see how Cheat Engine can do the asm inline in its scripts, be nice to figure that out. Thanks bro, I love your videos, they are sweet.😁
@247CTF 2 years ago
Good idea, I'll add it to the todo list! If the space is too big, you can try nop'ing it!
@sharkbyteprojects9160 1 year ago
I am not sure, but I read somewhere about a forced security thing in Windows x64 that prevents execution of code in the process stack and heap.
@karamu451 1 year ago
I would also love this, I'm struggling lol
@danielneville3997 2 years ago
Great explanation that applies to so much more than just games, ended up here while looking into the Pegasus spyware and really enjoyed it! Cheers :D
@247CTF 2 years ago
Glad I could help!
@LowLevelLemmy 3 years ago
wololololo I love this video 🤗
@247CTF 3 years ago
😡 .. 😇
@m0rsmordre 2 years ago
I miss your game hacking tutorials :(
@247CTF 2 years ago
Me too 😣
@shrub4248 3 years ago
Excellent video! I'm learning so much. I see that adding and removing the instructions misaligns the bytes in the file. Why can you not simply increase the file size and push the bytes back so they aren't affected? Will that mess up pointers and addresses?
@247CTF 3 years ago
Glad it was helpful! Doing that will likely break a bunch of stuff, for example if there are absolute jumps/references to values.
@m0rsmordre 3 years ago
Good job, keep going bro, will be waiting for the send/recv packet tutorial ^^
@247CTF 3 years ago
Coming soon!
@markstein2500 3 years ago
Really solid stuff!
@247CTF 3 years ago
Thanks!
@punch3n3ergy37 3 years ago
I really appreciate that you're talking slowly so that we can follow easily. Thanks!
@247CTF 3 years ago
You're welcome and glad you noticed! Takes some practice!
@PROJECTJoza100 1 year ago
Thank you a lot for this. Just got this recommended to me randomly and now I want to reverse again! Great tutorial!
@247CTF 1 year ago
Good luck!
@PROJECTJoza100 1 year ago
@@247CTF thank you!!
@syfler1266 4 months ago
What about an x64 hook tutorial?
@felepec1596 3 years ago
I’m just getting started and the asm part kinda confuses me. Sorry, but apart from writing the instructions that were overwritten, what’s the reason behind the rest? Can’t I rewrite the overwritten stuff, do my code and jump back to the program’s flow? I’ve seen another hook video and that’s what he does, though yours sure looks better.
@247CTF 3 years ago
There are a number of ways to do this. When you call a function 'normally' that call will result in a 'bunch of stuff' happening (epilogue). The idea with the inline asm is to control the call, so we can access the data we want and return execution back to where we started so the program continues to function.
@ryusaki6902 1 year ago
I might be late to ask this, but why is 2D = E5 at 3:53? Good content though. Thanks.
@247CTF 1 year ago
en.wikipedia.org/wiki/Address_space_layout_randomization I didn't take good screenshots while recording. I do the voice over separately and didn't want to re-record.
@sharkbyteprojects9160 1 year ago
Useful content, but if you use malloc, you should free the memory with free after use (9:36)
@247CTF 1 year ago
Probably should, but the OS will clean this up when the game process closes anyway
@RandomRepository1024 1 year ago
And in 64 bits?
@247CTF 6 months ago
Could ask the devs to recompile the game?
@Guregue 1 year ago
What do you make this variable "patch_cliprgn" for?? #12:45 Are you not using it? =v I'm confused... how does your ASM code know where it will be injected?
@247CTF 6 months ago
The value is found earlier, it's the address to be hooked
@SlightControl 9 months ago
Great video. I have two things I don't understand: What is the purpose of popping the return address at the start? Why are the instructions overwritten by the jump being pushed onto the stack instead of where the instruction pointer will be looking?
@247CTF 6 months ago
The value is popped so we know where to return back to before the value is overwritten
@Deepankarsingh1993 3 years ago
Good video. I need help with retrieving data with detours, for example getting the player's current level or health and performing an action based on it
@247CTF 3 years ago
Not sure without an example. The game hacking playlist should show you how to do something similar though.
@sylvesterrac3792 8 months ago
Very clear and to the point, you are a great teacher, love your style. TYVM
@247CTF 6 months ago
Thank you! 😊
@evandrix 3 years ago
warning C4244: 'argument': conversion from 'time_t' to 'unsigned int', possible loss of data
@247CTF 3 years ago
☠️
@hodayfa000h 2 days ago
It is a warning, who cares
@youhackforme 3 years ago
Wow this was a really professional and extremely informative guide! I like it! One thing to note, it would be great if you toned down the number of times you show your logo in full screen between sections. It gets extremely distracting. A wipe or dissolve may be better. I would also appreciate if you mentioned the names of the tools you were using. Lastly, why did you push the overwritten instructions to the stack during cleanup in your example patch? Wouldn't that change the stack?
@247CTF 3 years ago
Thanks for the feedback! Have previously been asked to not use dissolve or wipes as people don't like the "motion feeling" - can't please everyone!
@youhackforme 3 years ago
@@247CTF Maybe a good alternative is a sideways shift? Essentially the problem is that the full screen logo covers content and breaks trains of thought. So any way that avoids doing that would be helpful.