man_cat_ How do I cheat? Reputation: 0
Joined: 26 Jan 2022 Posts: 2
Posted: Wed Jan 26, 2022 10:30 pm Post subject: Finding an array of objects using the array length
Hello guys, completely new to game hacking. I've been writing in C# for over 10 years so I feel I'm getting the hang of this pretty quickly but I'm pretty stuck right now on this specific situation.
I'm trying to find the base address of an array. The array is essentially what's backing a table in the GUI. I'm trying to find the base address to this array so I can write a program in C# to read data from it and POST it to an API in real time.
The problem is none of the values ever change in the table so essentially I ended up finding the length of the table by causing rows to be removed from it. I just don't know how to go from the array length address to the address of the array itself. I hope that makes sense.
LeFiXER Grandmaster Cheater Supreme Reputation: 20
Joined: 02 Sep 2011 Posts: 1055 Location: 0x90
Posted: Thu Jan 27, 2022 3:53 am
C# covers only a handful of specific games. Many games are written in C++, which is a completely different language.
If the game is well-known, and/or made with an engine that has been tinkered with before, then it makes things easier. For example: Unity games are often coded with C#, and with that you can analyse the Assembly-CSharp.dll file.
man_cat_ How do I cheat? Reputation: 0
Joined: 26 Jan 2022 Posts: 2
Posted: Thu Jan 27, 2022 11:06 am
I'm actually not trying to hack a game. I'm hacking a normal application for productivity purposes. I'm just trying to take what it's displaying in a table on the GUI and, as new records are added, pipe them to my API in the cloud. I believe the app is written in Java from what I can tell, but it shouldn't matter, right? I mean it all gets compiled to assembly anyway.
I'm just having trouble figuring out how to backtrace from an array length address to the parent array itself.
LeFiXER Grandmaster Cheater Supreme Reputation: 20
Joined: 02 Sep 2011 Posts: 1055 Location: 0x90
Posted: Thu Jan 27, 2022 12:40 pm
man_cat_ wrote:
> I'm actually not trying to hack a game. I'm hacking a normal application for productivity purposes. I'm just trying to take what it's displaying in a table on the GUI and as new records are added, pipe them to my API in the cloud.

Forgive me, but you did post under the general game hacking section and as a result I presumed you were talking of a game.

man_cat_ wrote:
> I believe the app is written in Java from what I can tell but it shouldn't matter right? I mean it all gets compiled to assembly anyway.

It matters a lot. Java compiles to bytecode which is interpreted by a virtual machine (JVM). In saying that, you are quite right that you are able to analyse it at a level closely resembling machine code, albeit understanding what happens is all part of the fun when reverse engineering any software.

man_cat_ wrote:
> I'm just having trouble figuring out how to backtrace from an array length address to the parent array itself.

Typically, there will be some form of loop which checks the counter value and which will determine the flow based on those conditions. Here is a very simple loop at a lower level.
Code:
Line1: i:=0;
005FD1DF 33C0 xor eax,eax
005FD1E1 8945F8 mov [ebp-$08],eax
Line2: for i := 0 to 10 do
005FD1E4 33C0 xor eax,eax
005FD1E6 8945F8 mov [ebp-$08],eax
Line3: label1.Caption := inttostr(i);
005FD1E9 8D55F0 lea edx,[ebp-$10]
005FD1EC 8B45F8 mov eax,[ebp-$08]
005FD1EF E8A86DE2FF call IntToStr
005FD1F4 8B55F0 mov edx,[ebp-$10]
005FD1F7 8B45FC mov eax,[ebp-$04]
005FD1FA 8B80D0030000 mov eax,[eax+$000003d0]
005FD200 E8DF4DF4FF call TControl.SetText
005FD205 FF45F8 inc dword ptr [ebp-$08]
Line2: for i := 0 to 10 do
005FD208 837DF80B cmp dword ptr [ebp-$08],$0b
005FD20C 75DB jnz $005fd1e9
Line4: end;
005FD20E 33C0 xor eax,eax

Perhaps this will give a little more insight into what to look for.
TsTg Master Cheater Reputation: 5
Joined: 12 Dec 2012 Posts: 334 Location: Somewhere....
Posted: Sat Jan 29, 2022 6:52 pm
If it's made in Java, try looking for some .JAR files around, then take a look using Java decompiler software like jadx, for example. It won't give you addresses, but at least you get to find more info about how the array is created, initialized, etc.
Since the array is dynamic, you could try to monitor memory allocation APIs like malloc() and others.
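The layout principle behind LeFiXER's loop listing and the original question (getting from a length address to the array), as an added C example that is not from this thread: the length field sits at a fixed offset inside a parent object, so stepping back by that offset recovers the object, and either a pointer field or the elements that follow the header give the array base. Both struct layouts, the header size and the sample values are constructed assumptions; a real runtime's offsets have to be confirmed in the target.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Layout A (constructed): element count beside a pointer to separately
 * allocated storage, as a C++/C#-style list keeps them. */
struct list_obj {
    uint32_t id;
    uint32_t count;     /* found by watching the row count change */
    int32_t *items;     /* the array base actually wanted */
};
/* Layout B (constructed, loosely modelled on managed runtimes such as the
 * JVM: length in a header right before the elements; real sizes vary). */
struct inline_array {
    uint64_t header;    /* stands in for mark word / type pointer */
    uint32_t length;
    int32_t elements[]; /* data starts right after the header */
};

/* container_of idiom: step back from the count field to the parent object. */
int32_t *base_from_count_field(const uint32_t *count_addr) {
    const struct list_obj *obj = (const struct list_obj *)
        ((const char *)count_addr - offsetof(struct list_obj, count));
    return obj->items;
}

/* For the inline layout the elements follow the length field directly. */
int32_t *base_from_inline_length(uint32_t *length_addr) {
    struct inline_array *arr = (struct inline_array *)
        ((char *)length_addr - offsetof(struct inline_array, length));
    return arr->elements;
}

/* Build a layout-B array from constructed values (caller frees it). */
struct inline_array *make_inline_array(const int32_t *vals, uint32_t n) {
    struct inline_array *arr = malloc(sizeof *arr + n * sizeof(int32_t));
    if (arr == NULL) return NULL;
    arr->header = 0;            /* constructed placeholder header */
    arr->length = n;
    memcpy(arr->elements, vals, n * sizeof(int32_t));
    return arr;
}

/* Confirm a candidate base against the values the GUI table shows. */
int candidate_matches(const int32_t *base, uint32_t n,
                      const int32_t *expected, uint32_t expected_n) {
    if (base == NULL || n != expected_n) return 0;
    return memcmp(base, expected, n * sizeof(int32_t)) == 0;
}
```

The comparison against the values visible in the GUI is the check that separates the right base from a pointer that merely happens to sit next to a matching count.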