Function hooking, detours, inline asm & code caves [Game Hacking 101]

Поделиться
HTML-код
  • Опубликовано: 27 ноя 2024

Комментарии • 52

  • @247CTF
    @247CTF  3 года назад +14

    🤡🤡🤡 TFW loosing recording footage and gaining ASLR 🤡🤡🤡

  • @punch3n3ergy37
    @punch3n3ergy37 3 года назад +5

    I really appreciate that you're talking slowly so that we can follow easily.
    Thanks!

    • @247CTF
      @247CTF  3 года назад

      You're welcome and glad you noticed! Takes some practise!

  • @Kaichiing
    @Kaichiing 3 года назад +8

    Wow, your gamehacking Videos are the best i ever found .. thank you so much for this!
    Gonna watch them all!!
    Finally someone who can explain Well and talks about the concepts of gamehacking :)

    • @247CTF
      @247CTF  3 года назад +2

      Glad you like them!

  • @danielneville3997
    @danielneville3997 2 года назад +7

    Great explanation that applies to so much more than just games, ended up here while looking into the pegasus sypware and really enjoyed it! Cheers :D

    • @247CTF
      @247CTF  2 года назад +2

      Glad I could help!

  • @PROJECTJoza100
    @PROJECTJoza100 Год назад +3

    Thank you a lot of this. Just got this recommended to me randomly and now I want to reverse again! Great tutorial!

  • @sylvesterrac3792
    @sylvesterrac3792 10 месяцев назад

    Very clear and to the point, you are a great teacher, love your style. TYVM

    • @247CTF
      @247CTF  8 месяцев назад

      Thank you! 😊

  • @hodayfa000h
    @hodayfa000h Месяц назад

    ended up writing my own thing... now it is AWESOME, why? i can just automatically place the hex digits... which makes it work on both x86 and x64 (it is awesome) it is as easy as going to an asm to hex converter, and writing a function to place those hex bytes into a byte vector, i then copy the data to my detour, and of course call the hook function and making a copy of the original code, allowing me to make an unhook function, it also nops any additional bytes by actually checking if our instruction is bigger than 5 and if it is? it will just nop them out so no need for a mangled bytes variable... yay!, i then manually write the asm code needed... and we are done, it works flawlessly, anyway... this tutorial was awesome! i learned so much... i had 0 knowledge before

    • @247CTF
      @247CTF  4 дня назад

      Nice work, that tool sounds great!

  • @m0rsmordre
    @m0rsmordre 2 года назад +4

    I miss your game hacking tutorials :(

    • @247CTF
      @247CTF  2 года назад +2

      Me too 😣

  • @m0rsmordre
    @m0rsmordre 3 года назад +3

    Good job keep going bro, will be waiting send/recv packet tutorial ^^

    • @247CTF
      @247CTF  3 года назад

      Coming soon!

  • @shrub4248
    @shrub4248 3 года назад +5

    Excellent video! I'm learning so much.
    I see that adding and removing the instructions misaligns the bytes in the file. Why can you not simply increase the file size and push the bytes back so they aren't affected? Will that mess up pointers and addresses?

    • @247CTF
      @247CTF  3 года назад +6

      Glad it was helpful! Doing that will likely break a bunch of stuff, for example if there are absolute jumps/references to values.

  • @markstein2500
    @markstein2500 3 года назад +5

    really solid stuff!

  • @gameplayoffert1326
    @gameplayoffert1326 4 месяца назад +1

    Hi, excellent video, however i have a question about the first software with the printf, where did you see what was needed for the "printf" function ? I'm asking that because for example, if you reverse engineer whatever software, how do we know the parameters used for that function ? nvm i'm new so i'm sorry if my question sound a little bit dumb :D

    • @247CTF
      @247CTF  4 месяца назад

      I know from playing the game and guessed the format of the format specifier

  • @SlightControl
    @SlightControl 11 месяцев назад

    Great video. I have two things I don't understand: What is the purpose of poping the return address at the start? Why are the instruction overwritten by the jump being pushed onto the stack instead of where the instruction pointer will be looking at?

    • @247CTF
      @247CTF  8 месяцев назад

      The value is popped so we know where to return back to before the value is overwriten

  • @youhackforme
    @youhackforme 3 года назад +4

    Wow this was a really professional and extremely informative guide! I like it! One thing to note, it would be great if you toned down the number of times you show your logo in full screen between sections. It gets extremely distracting. A wipe or dissolve may be better.
    I would also appreciate if you mentioned the names of the tools you were using.
    Lastly, why did you push the overwritten instructions to the stack during cleanup in your example patch? Wouldn't that change the stack?

    • @247CTF
      @247CTF  3 года назад +4

      Thanks for the feedback! Have previously been asked to not use dissolve or wipes as people don't like the "motion feeling" - can't please everyone!

    • @youhackforme
      @youhackforme 3 года назад +1

      @@247CTF maybe a good alternative is a sideways shift? Essentially the problem is that the full screen logo covers content and breaks trains of thought. So any way that avoids doing that would be helpful

  • @sharkbyteprojects9160
    @sharkbyteprojects9160 Год назад +1

    Useful content, but if you use malloc, you should free the memory with free after use (9:36)

    • @247CTF
      @247CTF  Год назад +1

      Probably should, but the OS will clean this up when the game process closes anyway

  • @LowLevelLemmy
    @LowLevelLemmy 3 года назад +2

    wololololo I love this video 🤗

    • @247CTF
      @247CTF  3 года назад +3

      😡 .. 😇

  • @felepec1596
    @felepec1596 3 года назад +1

    I’m just getting started and the asm part kinda confuses me.
    Sorry, but apart from writing the instructions that were overwritten, what’s the reason behind the rest? Can’t I rewrite the overwritten stuff, do my code and jump back to the program’s flow? I’ve seen another hook video and that’s what he does, though yours sure looks better.

    • @247CTF
      @247CTF  3 года назад +1

      There are a number of ways to do this. When you call a function 'normally' that call will result in a 'bunch of stuff' happening (epilogue). The idea with the inline asm is to control the call, so we can access the data we want and return execution back to where we started so the program continues to function.

  • @Deepankarsingh1993
    @Deepankarsingh1993 3 года назад

    Good video, I need help with retrieving the data with detours
    Example : getting player current level or health and perform action based on it

    • @247CTF
      @247CTF  3 года назад

      Not sure without an example. The game hacking playlist should show you how to do something similar though.

  • @ryusaki6902
    @ryusaki6902 Год назад +1

    I might be late to ask this, but why is 2D = E5 at 3:53?
    Good content though. Thanks.

    • @247CTF
      @247CTF  Год назад

      en.wikipedia.org/wiki/Address_space_layout_randomization
      I didn't take good screenshots while recording. Do voice over separately and didn't want to re-record.

  • @turboimport95
    @turboimport95 2 года назад +3

    Brother Can you please do a code cave video on x64 games or x64 process?, because Vs does not support 64 bit asm inlineing. Very difficult to find any info on code caves with x64. Because most games now days are x64. Makes byte manipulation terrible because Cant inline it. I Can only Patch the bytes if the size don't change. I would love to see a template made just for code caves asm inline or something we can use. I really don't see how cheat engine can do the asm inline in its scripts, be nice to figure that out. Thanks bro I love your videos they are sweet.😁

    • @247CTF
      @247CTF  2 года назад +1

      Good idea, I'll add it to the todo list! If the space is too big, you can try nop'ing it!

    • @sharkbyteprojects9160
      @sharkbyteprojects9160 Год назад

      I am not sure but i read somewhere about a forced security thing in windows x64 that prevents execution of code in the process stack and heap.

    • @karamu451
      @karamu451 Год назад

      I would also love this, im struggling lol

  • @Guregue
    @Guregue Год назад

    for what you make this variable "patch_cliprgn" ?? #12:45 are u not using it =v im confuse... how your ASM code knows where he will be injected?

    • @247CTF
      @247CTF  8 месяцев назад

      The value is found earlier, it's the address to be hooked

  • @syfler1266
    @syfler1266 6 месяцев назад

    what about x64 hook tutorial?

  • @RandomRepository1024
    @RandomRepository1024 Год назад +1

    And in 64 bits?

    • @247CTF
      @247CTF  8 месяцев назад

      Could ask the devs to recompile the game?

  • @evandrix
    @evandrix 3 года назад

    warning C4244: 'argument': conversion from 'time_t' to 'unsigned int', possible loss of data

    • @247CTF
      @247CTF  3 года назад +1

      ☠️

    • @hodayfa000h
      @hodayfa000h Месяц назад

      it is a warning who cares