[TUTORIAL] Creating A File Patcher [Part1]
In this tutorial I will be teaching you how to make a file patcher for AssaultCube. I started to rush the tutorial towards the end so if i have made a mistake or left something out just reply and I will add/fix it.
Also If someone could make a video tutorial out of this (with voice not notepad) as it is very long and would be easier to watch.
Table of Contents:
1. Step 1 (Preperation)
2. Step 2 (Attaching OllyDBG to AssaultCube)
3. Step 3 (Finding Addresses)
4. Step 4 (Saving The modified file)
5. Step 5 (Finding The Differences)
6. Step 6 (Making The Patch)
7. Step 7 (Patching AssaultCube)
Visual Basic 2010 Express (Or a later version of the software)
Step 1 (Preparation):
Before we start to do anything you must first download and install all of the programs listed above as well as a backup of the un-modified 'ac_client.exe'.
Installing Visual Basic 2010
To install visual basic 2010 express simply download the web installer above and go through the install dialog as you would with any other program.
To install HxD, click on the link above and select which language you would like, after downloading run the installer and go thought the install dialog as you would with any other program.
Unlike the other two files, OllyDBG Does not need to be installed, instead it comes inside a .zip file which you simply extract to a folder on your computer.
To install AssaultCube, click on the link above and select windows at the right side, after downloading run the installer and go thought the install dialog as you would with any other program.
Backing Up 'ac_client.exe'
In the method used in this tutorial you will need a back up of the original file to compare to a modifies version, to do this simply go to the installation folder for AssaultCube (Default: C:\Program Files (x86)\AssaultCube_v22.214.171.124) and double click the 'bin_win32' folder, once inside this folder copy the file 'ac_client' to your desktop.
Step 2(Attaching OllyDBG To AssaultCube):
To attach OllyDBG to AssaultCube you will first need to run AssaultCube and OllyDBG.
After both programs are running, in OllyDBG click on File>Attach
After you click 'Attach' a new window (below) will pop-up
As you can see in the image above you must select 'ac_client' and then click 'Attach'.
After OllyDBG has 'Attached' to ac_client, click the play button (below)
Step 3 (Finding Addresses):
The next step is to find the addresses of the assembly code we want to change.
Finding the ammo address:
The first step is to press 'Ctrl+G', a window will pop-up (Below).
After the window pops-up, paste the address '0045B75F' into the textbox and click 'OK'.
After you click 'OK' you will be taken to the address (Below), from here write the bytes (FF0E) into notepad.
Next double click the address and a new window will pop-up (below).
In the image above you can see 'DEC' in the textbox, change this to 'INC' and click 'Assemble'.
Now if you look at the bytes again you will notice that they have changed and the new byte is highlighted red (below).
Finally write down the new bytes (FF06) into notepad.
Finding the recoil address:
Like with finding the ammo address the first step is to press 'Ctrl+G' but his time pasting the address '0045B70A'
After you click 'OK' you will be taken to the address below in OllyDBG.
Next write the bytes highlighted above into notepad e.g.:
The format above is the easiest for the next steps.
Now that you have wrote all the addresses into notepad, double click the first address, a window will once again pop-up but instead of changing one of the commands, this time just replace all the text with 'NOP' (below).
After pasting 'NOP' into the textbox click 'Assemble' until all of the addresses highlighted above have their bytes changed to '90' (below).
Now after each of the bytes you wrote into notepad earlier add '-> 90' e.g.:
Step 4 (Saving the modified file):
8B -> 90
16 -> 90
8B -> 90
52 -> 90
14 -> 90
50 -> 90
8D -> 90
4C -> 90
24 -> 90
1C -> 90
51 -> 90
8B -> 90
CE -> 90
FF -> 90
D2 -> 90
The final step for the modifications is to save the file as a .exe.
Saving the modified file:
Now that you have made all the modifications, simply right-click the address window in OllyDBG go down to 'Copy to executable' and then to 'All modifications' (below).
After you click 'All modifications' a new window will pop-up, simply click 'Copy all' (below).
Another window will pop-up after clicking 'Copy all', just exit this window by clicking 'X' (below).
After exiting this window another will pop-up, on this window just click yes (below).
Finally after click yes in the window above a final window will pop-up (below) asking where you want to save the .exe and what you want to call it, I recommend saving the file to your desktop and naming it 'COMP'.
After you have saved the modified file you can close OllyDBG and AssaultCube.
Last edited by Styx™; 11-19-2012 at 04:19 PM.
Post Thanks / Like - 5 Thanks
[TUTORIAL] Creating A File Patcher [Part2]
Step 5 (Finding The Differences):
Earlier in the tutorial I asked you to make a backup of ac_client.exe, the back up is for this step and I recommend moving it to the desktop.
In this step you will compare both the original file (ac_client.exe) and the modified file (COMP.exe) in the hex editor (HxD).
Loading the files into HxD:
To load the two files into HxD, simply run HxD then click File>Open (Below) and then select the two files.
Comparing the two files:
After you have loaded both files, click Analysis>File Compare>Compare (below).
After Clicking 'Compare' a new window should pop-up (below).
In the window above the two files you loaded should automatically be entered into the textboxes, to finish click 'OK'
Finding the differences:
After you clicked 'OK' on the previous window, the first difference in the two files should be highlighted in HxD (Below).
If you look back at your notes in notepad, you will notice that the byte highlighted in the top window is the first byte from the recoil addresses, and in the bottom window you will notice that instead of '8B' the byte is '90' which is what we changed it to in OllyDBG.
The only part we are interested is the text circled at the bottom of the window '5AB0A', this is out hex block (Offset), write this in notepad as e.g. 'Recoil Offset: 5AB0A'
The next step is to continually hit 'F6' until you get to '0E' in the top window and '06' in the bottom window (below).
Again you can see that the two bytes highlighted are the bytes we change in OllyDBG and again we are only interested in the 'Block' so again write into notepad 'Ammo Offset: 5AB60'.
When you have done this you can close HxD and move onto the next step.
Step 6 (Making The Patch):
In This step we will create the patch itself in visual basic using my 'patchFile' Sub.
Creating a new project
To create a new project in visual basic simply click the new project button (below) or press 'Ctrl+N'
After you click the button above a new window will pop-up (below), click 'Windows Forms Application' and name the project 'AssaultCube Patch'
When the project loads, drag a button and two check boxes into the form and then resize it (example below).
Optionally you can rename the forms title to 'AssaultCube Patch'
The next step is to double click the button to show 'code view', one you do this write the code (below) into the buttons sub.
After you do this you will need to at the patchFile() sub (below).
Private Sub patchFile(ByVal strLocation As String, ByVal hOffset As Integer, ByVal hBytes As Integer())
Dim writeFile As BinaryWriter = New BinaryWriter(File.OpenWrite(strLocation))
For i = 0 To hBytes.Count - 1
writeFile.BaseStream.Position = hOffset + i
Next you will need to declare the bytes at the top of the class under 'Public Class Form1' (Below).
The ' "" ' are only there to prevent errors in the image, instead you will write each byte that we wrote down in notepad for ammo and recoil.
Make sure to put a '&H' before each byte to declare it as a hex value (Below).
Next you will add 'Imports System.IO' above 'Public Class Form1'
Finally you will write the methods for the patching in the button sub (Below).
In the image above the red rectangle highlights the location of the file to patch, the orange is the 'Block' of the first byte (We wrote these down in notepad earlier for both ammo and recoil) and the blue is the bytes to patch (We declared them at the top of the class).
The last thing to do in this patch is to build the application and save it somewhere.
Step 7 (Patching AssaultCube):
This is the final step where we will move our patch to the AssaultCube installation directory.
To do this step simply move your patch the AssaultCube installation directory (Default: C:\Program Files (x86)\AssaultCube_v126.96.36.199) and then into the 'bin_win32' folder, one you have moved it to this folder simply right click the file, and click 'run as administrator' and then when the program loads check both boxes and click 'Patch'.
Now exit the program and start AssaultCube.
Fleep - The addresses for the recoil hack (From his tutorial)
xMeltdowNx - Writing This tutorial as well as the patch sub.
Last edited by Styx™; 11-19-2012 at 04:21 PM.
Post Thanks / Like - 1 Thanks
Nice Tutorial . I didn't expect this to be that easy.
*Approved, thanks for the great tutorial
EDIT: Stickied for its great detail
Thanks, it really helps out the coding noobs like me... :)
Last edited by maymonaise; 12-21-2012 at 10:17 PM.
"All you need is ignorance and confidence and the success is sure."
-- Mark Twain
"For a long time it puzzled me how something so expensive, so leading edge, could be so useless, and then it occurred to me that a computer
is a stupid machine with the ability to do incredibly smart things, while computer programmers are smart people with the ability to do incredibly
stupid things. They are, in short, a perfect match."
-- Bill Bryson
Its alot easier than everyone thinks
Originally Posted by Lokikol
Here are the functions for both read and write Link