How to Hack Any Game - OLLYDBG Tutorial How to use ollydbg debugger
So here it is the ollydbg tutorial you guys requested a while back, I hope this helps you and makes it easier for you to find the addresses and instructions you want in whatever game you are hacking.
Here are the guidelines that I follow every time I Wanna find a series of addresses and instructions.
Step one – find address in cheat engine
step two – find what rights to that address
step three – go on olly search for address the writes that
Step 3.5 – by setting hardware breakpoints find where
the beginning and end of the code is regarding the function you were looking for
e.g. firing gun, this way we know where to stop searching
step four – reverse through all the jumps jmp e.g. JNZ becomes JE
step five – write comments and test a command at a time
step six –if the game crashes then simply return to that address leaving a comment
saying nop crashes or reverse crashes
Step seven – you will have to restart ollydbg and the game every time, it can be tedious
comments are very important! always put them in to make sure you know where you were last
Here are some guidelines in detail
Order in which instructions should be modified:
1ST all jump commands should be reversed
2ND all calls should be NOPED
If you still haven't found our function that we keep searching in
more complex instructions
3RD we now start noping any instructions we haven't tried yet e.g. MOV BYTE PTR DS:[EAX+218],BL
MOV BYTE PTR DS:[EAX+218],BL because because no actual instruction is getting copied
4TH we leave to the end the most likely ones to crash
E.g. MOV EAX,DWORD PTR DS:[ESI+8]
ADD EAX,4 these instructions are very prone to crash
And that's why we leave them until the end
If an instruction like this is NOPED then we may have to NOP
several others above or below it usually until we found the next call
this is because those instructions may use a value stored within the instruction
that we NOPED this may take many tries and crashes
Reversing of JMP'S
JG = JL
JLE = JG
JE = JNZ
This is mostly about trial and error
Instructions like these should be ignored(unless they are part of a group of instructions):
CMP – stands for compare, this is usually seen before jumps
LEA – is used for more advanced calculations
Pop, push and retn don't usually have much to do with recoil, ammo and other info we usually
Int's are usually quite irrelevant also
Hope that helps out
Here is the tutorial some people were having problems with not finding certain addresses so I've uploaded this small tutorial to try and help them out, I hope this made things clearer and I didn't ramble too much.
Hello, I don't know if I should reply here on or the YT Video, but I wanted you to realize: If you NOP the CALL EDX its done too, I mean it doesn't matter if you initialize the EDX but just don't call it. I don't know if I made my self clear but it comes down to: Just NOP CALL EDX (0x0045B717)
Tip: You could just do Right Click > Undo Selection (Instead of restarting.)
Thanks Fleep, I was actually really confused about
how to use this, fifteen to twenty minutes ago.
"All you need is ignorance and confidence and the success is sure."
-- Mark Twain
"For a long time it puzzled me how something so expensive, so leading edge, could be so useless, and then it occurred to me that a computer
is a stupid machine with the ability to do incredibly smart things, while computer programmers are smart people with the ability to do incredibly
stupid things. They are, in short, a perfect match."
-- Bill Bryson
I have this really nooby question. How could you make so you can turn on rapid fire/no recoil through trainer? Like I've been checking out your source for changing simple addresses, but I have no idea how you can use information of addresses from ollydbg, and implement it in code.
Edit: Never mind.. With the DLL is what i need to get that job done.