Solved Static address is fine but address to write to changes after new mission


SICGames88

Newbie
Full Member
Nobleman
Sep 6, 2015
70
768
0
What sparked my interest again was the fact that people are running around on Doom 4 with aimbots but charging 15 dollars a month. I said to myself, "This has to be a scam!" I dug around in Fleep's tutorials and created an AIM Bot for Counter Strike. Fair enough, I said, now what about Assault Cube - partially got that finished. I moved on to Doom 4. Unable to obtain full health address - armour yes, that's good. Location XYZ yes, angle rotation vector yes - but apparently I don't think I can update it unless I go into menu then back to game. I don't wanna do this online quite yet. I'm only on campaign mode right now.

Now I was able to alter how many weapon upgrade points I get and I obtained the static address, but the address I changed to update weapon upgrade points didn't have any pointers at all. I did a pointer scan on max level 5 and all came back zero found. So after a new mission I see the points I altered weren't able to be found. Each time I get enough kills I get a new point, and that's on the static address I have obtained. I have 37 points but the static address says 3, then a couple more kills to get more points and I get a value on the static address of 1 or 5. Perhaps if I do a dissect structure I may be able to find what I'm looking for using an offset.

I noticed in Fleep's Counter Strike trigger bot the offset would constantly change as well and had to be offset to the correct address near the player base. Even with the armour address I'm not sure I am able to obtain the player's base.


In conclusion - a bit more digging around and I eventually may find the player's base. Inconsequentially I may have stumbled upon the entity's base because it gave me a bunch of what looked like health values. I'm unsure but more digging is required.

About that weapon upgrade points - it sounds like I'll have to find the base for that and calculate the offset, right?
 

Rake

Cesspool Admin
Administrator
Jan 21, 2014
12,073
78,998
2,371
I'm able to get some values but not health, weapon upgrade points etc... only XYZ Position, armour, rotation XYZ. Also you can't say just because 100 health is a 4 integer when it could be a float.
Well, if you have those addresses and they are writeable, they are most likely part of the player class and you will find more variables near them in memory. So fire up either reclass or Cheat Engine's struct dissector.
Here is how I find variables in the classes with reclass:

As for health not being an integer, just use unknown initial value and scan for any type.

When publishers release a game on Steam they can opt in for various anti-debug protections to thwart piracy, perhaps that is what you're seeing.


Static address is fine but address to write to changes after new mission
Nothing's ever easy, is it? For instance in openarena, which is an idtech3 engine game, it uses virtual machines and everything is dynamically allocated. The "static addresses" were relative to the location of the dynamically loaded virtual machine module. After a long time and lots of reversing I was able to trace back to the start address of the module, and found a pointer to it inside the virtual machine table. The game has to keep track of what's going on, and it's your job to figure out how it does that. So that was an idtech3 game, you're hacking an idtech6 game. I would imagine it has some similarities. Good luck.

Do these tutorials:


 

SICGames88

I like the video and yes, I've been using the same format, just with pointer scan with max level of 5. Interestingly enough, while noticing the health in Doom Campaign mode - the UI wants to change the value to what I entered, but inside the pointer scan values change constantly when I never died nor started a new mission. I'm unsure if the game employs an anti-cheat but what I do know is the game is packed using k.kryptor 3. If I ran a PE inspector software I'm sure Assault Cube will not be packed. However though, SteamAPI does have an IsDebuggerPresent function - not sure if it's being run or not because the game itself is packed. So IDA Pro will be worthless in this scenario. I'm able to get some values but not health, weapon upgrade points etc... only XYZ Position, armour, rotation XYZ. Also you can't say just because 100 health is a 4 integer when it could be a float. Sometimes they'll make it a float to throw people off. Floats can be cast into integers as well. I have to dig more though.
 

SICGames88

An interesting thing to note, and it should be noted for other users having issues. I looked under Doom4 with IDA and found the import they were using was OpenProcess. Sounds like an anticheat detection to me, no? I compared it with AssaultCube and Counter Strike and found no OpenProcess nor VirtualProtect, while those functions were found in the Doom 4 import section. Why would they care to have OpenProcess and why would they even care for VirtualProtect? This could be the reason why I am unable to read some things I should have, as in Assault Cube or Counter Strike.
 

SICGames88

After a few more attempts at digging and modifying the steamapi dll file where it determines if there's a debugger running, I nopped the call. I was able to find the health address successfully. On top of that, the player's base. The armour and health were right next to each other, a couple of offsets apart. Upon digging I noticed the health being rounded. So 200 health would be 199 and something in decimals. Once I was able to realize this I did a pointer scan and came back with only two results. Bingo - I added them to the address list and now I can write to the health as long as I want. id Software did a lot of implementations to prevent altering the game's values. Kudos to them.
 

Rake

I believe that the game developers are using a float for the health value for the extra precision but are abstracting that precision away from the user and only displaying an integer on the screen. So not an anti-cheat mechanism :) Nice job figuring it all out. I hope you will make a release or at least drop a Cheat Engine Table for this new game!
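The float-versus-integer point from the last two posts, as an added example that is not part of the original thread: a value stored as a 32-bit float has a completely different byte pattern from the integer shown on screen, so an exact 4-byte integer match never lands on it. The record layout, field names and the round-to-nearest display rule are assumptions made for illustration, and the buffer is constructed sample data, not memory from any game.

```python
import math
import struct

# Constructed sample record (hypothetical layout, little-endian):
# armour (float32), health (float32), ammo (int32), x, y, z (float32)
RECORD = struct.pack("<ffi3f", 50.0, 199.6, 200, 12.5, -3.0, 64.0)


def float_bits(value: float) -> int:
    """Return the 32-bit pattern of a float32, read back as an unsigned int."""
    return struct.unpack("<I", struct.pack("<f", value))[0]


def displayed(value: float) -> int:
    """Integer a UI would show if it rounds to nearest (assumed display rule)."""
    return int(math.floor(value + 0.5))


def find_int32(buf: bytes, shown: int) -> list:
    """Offsets of 4-byte aligned words that equal `shown` as an int32."""
    needle = struct.pack("<i", shown)
    return [o for o in range(0, len(buf) - 3, 4) if buf[o:o + 4] == needle]


def find_float32_displayed_as(buf: bytes, shown: int) -> list:
    """Offsets of aligned float32 words whose displayed value equals `shown`."""
    hits = []
    for o in range(0, len(buf) - 3, 4):
        (v,) = struct.unpack_from("<f", buf, o)
        if math.isfinite(v) and displayed(v) == shown:
            hits.append(o)
    return hits


if __name__ == "__main__":
    print(hex(float_bits(200.0)))                 # pattern of 200.0 as float32
    print(find_int32(RECORD, 200))                # lands on the int32 ammo field
    print(find_float32_displayed_as(RECORD, 200)) # lands on the float32 health field
```

The integer match only finds the unrelated int32 field that happens to hold 200, while the float interpretation finds the 199.6 stored at offset 4, which is why the displayed 200 could not be located by an integer search.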
 