Posted: Tue Jul 26, 2022 2:30 am Post subject: Webassembly (WASM) question - Stuck with offsets
Hi,
I'm messing around in CE with a browser based game written in WebAssembly. I'm running it through a C# application using Chromium Embedded Framework, and I attach into one of the spawned CefSharp.BrowserSubprocess.exe processes.
I have no issues finding the values I want, but I'm having a huge headache getting any sort of offsets or pointers. I'm a relative noob at CE, but I have an idea of how memory addressing works and my assembly knowledge is so-so; it's been enough to do some basic reversing / finding offsets in Unity before.
Manually drilling down through pointers using 'find out what accesses', there are sometimes as many as 15k addresses and none of them are static. I then get about 4 deep on any given one before I can't go any further.
I have tried pointer scans using several generated maps on different addresses, as well as the other method of leaving the scanner open and comparing after a game restart. They always yield no results.
There is almost no information online that I can find about hacking WebAssembly games; I spent most of yesterday Googling and looking at tutorials etc. on finding offsets, but they all cover really basic/easy stuff like Assault Cube.
Any advice on how to go about tackling this? I'm determined to figure it out, but I want to know if I'm banging my head against a brick wall for no reason, and I'm out of ideas now.
Just to check I'm not doing something fundamentally wrong, I booted up Assault Cube and had no issues finding pointers from 'find out what accesses' > disassembler and looking at the instructions, as well as pointer scans, so that must count for something.
Last edited by John1957 on Tue Jul 26, 2022 3:31 am; edited 2 times in total
The more "stuff" there is between software and hardware (i.e. sandboxing, virtual machines, etc.), the worse pointer paths become. A game running in a virtual machine in your browser on your computer is going to have far more stuff going on than a game that was compiled to run directly on your computer.
What you should do heavily depends on how the WASM code is getting executed. Code injection (search "injection copy") might be viable.
I don't know where I'm going, but I'll figure it out when I get there.
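Why those pointer paths come out so fragile, shown as an added example that is not part of the thread (the player/stats layout is constructed): WebAssembly addresses every in-module pointer as a 32-bit offset into one linear-memory buffer, and the host-side ArrayBuffer backing that buffer is replaced whenever the module grows its memory, so a chain that is stable at the wasm level has no stable host address for an external scanner to follow.

```javascript
// Added example: the WebAssembly linear-memory model, not code from the game
// or the thread. Pointers inside the module are offsets into `memory.buffer`;
// the host buffer object itself can move (memory.grow detaches the old one).
const PAGE = 65536;
const memory = new WebAssembly.Memory({ initial: 1 }); // 1 page, growable

// Constructed layout (assumption): a "player" record at offset 0x100 holding
// hp (u32) and a u32 "pointer" to a "stats" record at offset 0x200.
// Both are offsets relative to the start of linear memory, never host addresses.
const PLAYER = 0x100;
const STATS = 0x200;

function writeWorld(mem) {
  const v = new DataView(mem.buffer);
  v.setUint32(PLAYER, 100, true);        // player.hp
  v.setUint32(PLAYER + 4, STATS, true);  // player.stats = offset of stats record
  v.setUint32(STATS, 42, true);          // stats.gold
}

// Follow the chain exactly as compiled wasm code would: base + 32-bit offset.
function readGoldViaChain(mem) {
  const v = new DataView(mem.buffer);
  const statsOff = v.getUint32(PLAYER + 4, true);
  return v.getUint32(statsOff, true);
}

function demo() {
  writeWorld(memory);
  const before = memory.buffer;          // the host object a scanner would see
  const gold1 = readGoldViaChain(memory);
  memory.grow(1);                        // game allocates more: memory relocates
  const after = memory.buffer;
  return {
    gold1,
    gold2: readGoldViaChain(memory),      // same offset chain still resolves
    sameHostBuffer: before === after,     // false: host "base pointer" changed
    oldDetached: before.byteLength === 0, // true: the old buffer is gone
    pagesNow: after.byteLength / PAGE,    // 2
  };
}
```

Run it under Node and the offsets keep resolving after the grow while the host buffer that backed them has been swapped out; that swap happens underneath any host-level pointer path.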