Solved Making the hack for COD IW


rehack

NOTICE: The request for help is not technical (any technical help needed will be posted in a separate thread with a specific question, etc)

Hi all, rehack here :)

First a little about me and some reasoning behind the madness:
I'm a senior software engineer by trade, been programming professionally for 16 years, and coding much longer as a hobby. I really enjoy this game except when other hackers come in and it annoys the shit out of me, so I want to even the playing field. I don't know assembly very well, but I grokked it in the context of cheating engine pretty well and yea I could write a simple hello world program but meh.

I have a nice template for ESP/aimbot, and all I need are the mem addresses and we should be good to go. I've already been able to make/compile the template and it works great!

My humble request for your help is to meet up with me in a custom game so we can track down the memory addresses needed to complete the hack. I'm planning on doing this all weekend and I live in -5 GMT (EST) timezone. If you can help me, let me know, send me a PM! We can set up a time to meet up in a custom game and get things started.

What would you be doing?

So I figure (and correct me if you think it's dumb) we can find all of the addresses needed by scanning after some action, so for example, I'll ask you to move forward a few steps then remain still as I scan the addresses, then move forward again and I scan again.. that is one example but we'll be doing a lot of things like this. My hope is that we can get the addresses much faster this way.

I'll also journal how we make this thing here as well.

Big thanks to fleep for sharing source code for what appears to be an amazing template for creating hacks for a bunch of different games!
 

Rake

rehack said:
So I tried attaching debugger with CE 6.6, and no dice. All three debuggers (veh,win,kernel) crashed the game. I didn't realize this could happen :) So looks like growing pains to me, I'm going to try a CE alternative then, maybe I can get something to work.
Sounds like you might want to work on an easier game until you learn to bypass the anti-debug. I generally reverse engineer the player class in single player and then move into multiplayer, it's usually the same class or a derived class and makes the pain of finding everything in multiplayer much easier.

https://guidedhacking.com/starthere
https://guidedhacking.com/threads/how-to-get-started-with-anticheat-bypass.9882/
https://guidedhacking.com/threads/how-to-get-started-hacking-call-of-duty-games.11155/
 

mambda

Generally, you can patch most antidebugs by either

A.) Checking for hooks on DbgUiRemoteBreakin ( for windows debugger )
B.) Checking for hooks on RtlAddVectoredExceptionHandler iirc, ( For VEH Debugger )
C.) Patching the IsDebugged flag in the PEB/Patching IsDebuggerPresent to always return false.

OFC there are loads of tricks though, so your mileage may vary
 

rehack

So I tried attaching debugger with CE 6.6, and no dice. All three debuggers (veh,win,kernel) crashed the game. I didn't realize this could happen :) So looks like growing pains to me, I'm going to try a CE alternative then, maybe I can get something to work.
 

rehack

Rake;45476 said:
Sounds like you might want to work on an easier game until you learn to bypass the anti-debug. I generally reverse engineer the player class in single player and then move into multiplayer, it's usually the same class or a derived class and makes the pain of finding everything in multiplayer much easier.
Thanks! I'm able to get the player ammo and saved the pointer to it, but without debug I'm not sure how I can find the player itself. Instead I spent a few hours trying to hide the CE process from the game xD - I even found a script that injects your exe into another process (like lsass) but it didn't show the window. I even tried modifying who can read CE exe but that didn't work either. I'm gonna sleep it off and then try some other things tomorrow. I really like puzzles like this honestly, so I'm not giving up just yet :)
 

rehack

This sounds very interesting, I'd like to try this out but I'm not sure how to initiate a search to find the hooks / flags you mentioned - I'd imagine you would use some tool to do a search on the process that is running the anti-cheat, or maybe just even cracking open the exe itself and disassembling and searching for them??? (although I'm pretty sure ASM doesn't have those kind of instructions?)

EDIT: I am checking out https://www.codeproject.com/Articles/30815/An-Anti-Reverse-Engineering-Guide (thanks rake!) - if you guys have any other interesting articles that I can grok let me know, I want to hit the ground running soon ;)
 

mambda

All of them can be patched with just cheat engine.

Memory view -> Ctrl + g -> "DbgUiRemoteBreakin" -> Looks patched? Unpatch it.
Repeat for RtlVectored...

IsDebuggerPresent -> either patch function, or use the address seen there and patch the PEB directly
 

rehack

Woah! Thanks a lot! I was thinking that search feature only would work for finding HEX addresses, this is awesome! :)

[ASM]
ntdll.DbgUiRemoteBreakin - FF25 00000000 60CEB5BEFD7F0000 - jmp KERNEL32.FatalExit
ntdll.DbgUiRemoteBreakin+E- 78 02 - js ntdll.DbgUiRemoteBreakin+12
[/ASM]

Now to have some fun!!! :D

EDIT: Wow the amount of countermeasures I'm facing is insane. So I made a lot of noop sleds and also tried using ret to return to caller. I also tried making kernel32.fatalexit return. It pretty much lets me modify everything related to dbgui* - if I try as much as touch rtl it crashes.. Still learning though lol not sure what I'm doing xD - Gonna keep at it..
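
Added example, not part of the thread: the bytes pasted above decode as `jmp qword ptr [rip+0]` followed by an inline 8-byte little-endian pointer, 14 bytes in total, which is why the next listed instruction sits at `+E`. The sketch below shows how an integrity monitor or analyst would recognise that kind of entry-point detour and locate modified bytes by comparing loaded code with the file copy; `PRISTINE` is a constructed stand-in, not the real ntdll prologue, and the function names are hypothetical.

```python
import struct

# Bytes rehack pasted for ntdll.DbgUiRemoteBreakin (offsets +0 .. +D).
HOOKED = bytes.fromhex("FF2500000000" "60CEB5BEFD7F0000")

def classify_prologue(code: bytes, va: int = 0):
    """Return (kind, target) for a detour at the start of code."""
    if len(code) >= 6 and code[:2] == b"\xff\x25":
        disp = struct.unpack_from("<i", code, 2)[0]
        if disp == 0 and len(code) >= 14:
            # Pointer is stored inline, right after the 6-byte instruction.
            return ("jmp [rip+0]", struct.unpack_from("<Q", code, 6)[0])
        return ("jmp [rip+disp32]", None)  # pointer lives elsewhere in memory
    if len(code) >= 5 and code[:1] == b"\xe9":
        rel = struct.unpack_from("<i", code, 1)[0]
        # rel32 is relative to the end of the 5-byte instruction.
        return ("jmp rel32", (va + 5 + rel) & 0xFFFFFFFFFFFFFFFF)
    return ("no detour at entry", None)

def modified_ranges(in_memory: bytes, on_disk: bytes):
    """List (offset, length) runs where loaded code differs from the file copy."""
    runs, start = [], None
    for i, (m, d) in enumerate(zip(in_memory, on_disk)):
        if m != d and start is None:
            start = i
        elif m == d and start is not None:
            runs.append((start, i - start))
            start = None
    if start is not None:
        runs.append((start, min(len(in_memory), len(on_disk)) - start))
    return runs

# Constructed stand-in for the unmodified bytes; NOT the real ntdll prologue.
PRISTINE = bytes.fromhex("4883EC28") + b"\x90" * 10 + b"\x78\x02"

if __name__ == "__main__":
    kind, target = classify_prologue(HOOKED)
    print(kind, hex(target))                               # decoded jump target
    print(modified_ranges(HOOKED + b"\x78\x02", PRISTINE))  # patched byte runs
```

The decoded pointer is the address Cheat Engine resolved to `KERNEL32.FatalExit` in the listing above.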
 

rehack

Woah, interesting, I'll look into some IDA PRO and see if I can reproduce the same results (this is a steam game too)
 

Amonomen

Second post I've read about problems with anti-debug on CoD games.

This is strange to me! I had no problem getting a debugger attached and working. Maybe I got lucky and CE was properly configured to hide from anti-debug from a previous game?
 