Game Cheating part 1

Ahmet Göker
6 min readOct 29, 2022

--

Greetings to the best hackers in the world.

Today I want to illustrate Game hacking technique to Info Sec people. This blog will be about changing the bullet value of the game. I hope you will like and subscribe my blog-page. This blog shall be written only for educational purpose only do not use for any malicious events. It is recommend to learn cpp pointers, because you can be overthinking what such tasks and offset does. It is important to know at least 1 programming language as well as WINAPI32 to understand the methodology

Cheat Engine

First of all, let me get started to demonstrate what Cheat-Engine is. Cheat-Engine is a tool which scans the memory address of a game. Most crackers do know what this tool does, and it is worth to check this tool if you want to enhance your RE,cracking skills. This tool allows you to access data stored in your computer’s memory and make changes to that data. I will going to show a part of the functionality.

You can download here: https://www.cheatengine.org/ You can also watch some tutorial to have to have a better understanding.

I am going to show you step by step how we can manipulate the game.

I have downloaded this game because it seems that this game does not have memory protection. You can always use your memory protection technique from cheaters like me:)))

You can also check the source code of Cheat Engine: https://github.com/cheat-engine/cheat-engine

I will check this later. There shall be a written blog about code base analysis of cheat engine.

Game-Mod with cheat-engine

First of all, I will be going to modify the bullet value, but it would be useful to understand what the process are:

  1. start the game, and wait till the screen is being popped up.

Awesome this means that the game is running. Let me check the PID of this game.

Awesome, PID : 22804

2. We know that the game is running and the PID is being popped up as well. The second thing that you should is activating cheat-engine

Click left at the end of the window, and select → av_client.exe

This means that we attach the game to the memory reader:)

3. After the attach process, we should concern on the amount of bullets

I shot 7 bullets to the wall, now there are 13 left. This is important, read this part carefully.

Go to → value, and type 13. This means that all memory addresses will be shown onto the screen. With that memory address we need to search the right memory address to being able to manipulate the value.

After typing 13, shoot 1 bullet and then search it again. Now we have 12 left. Type 12 to the value bar. The reason is that we need to look the right memory after all.

Awesome 2 memory addresses are being appeared. I reckon one of them is the right memory address which can be manipulated.

Awesome the first memory address looks that its right one.

“00853EE8" this our target memory address, but there is 1 problem. The problem is that when we restart the game the memory will be changed and… the bullet value will be the same. Do not worry “Game hacking part 2” shall be appeared in my blog page. We will be able to change the value of this game for ever…

Oke, The most important is coming… We should always be able to check the pointer of the bullet value.

Finding the pointer of bullets

We can always change the value of bullets. We know that we are REs and we love challenging. Now, let me scan the pointer of the memory address

Right click onto your mouse and click “pointer scan for this address” this will be great when we want to implement to our code.

As you can see our memory address. You can increase the offset or decrease its up to you. I recommend you to set 6 or 7..

Awesome all pointers are appeared to me. Now we are not always lucky to choose the right pointer address of it. After checking and accomplishing that its true lets go further….

Awesome this is the right one.

Oke.. after the process now I am going to code this manually with WINAPI32 internal.

Coding and Hacking time

This part of my blog would be interesting. It is will worth to enhance your programming skills, because not always your standalone program should work.

You can check the docs of Microsoft -> https://learn.microsoft.com/en-us/windows/win32/apiindex/windows-api-list

After learning progress come back..

We need to include “windows.h” and defining the “_WIN32_WINNT” this means that we are working on windows 10 or above.

  1. We should define “pid” process identity of the game.
  2. We always should choose “address” // the memory address

3. When the game has been started, this is the amount of the bullet.

HWND → to retrieve the window handle for a window.

This is important when the program is able to find the window of the game // When the program could not find the window → error message

When its found do the manipulation process.

GetWindowThreadProcessId → Retrieves the identifier of the thread that created the specified window and, optionally, the identifier of the process that created the window.

OpenProcess -> Opens an existing local process object.

If the handle is not true → could not connect to the game

When it is true we are going “ReadProcessMemory” to A handle to the process with memory that is being read. The handle must have PROCESS_VM_READ access to the process.

You can read the docs for more information.

After, it will show the bullet amount lets give try…

Bullet amount → 97

Lets give a try……

We can make it more nicer,but as a short demo it will be great. Now, I am going to write it with “WriteProcessMemory”

WriteProcessMemory → Writes data to an area of memory in a specified process. The entire area to be written to must be accessible or the operation fails.

Awesome. We have successfully cracked the game.

Summary

We are done of course.. In the part 2, we are going to use DLL injection technique.

You can follow me on:

LinkedIn: https://www.linkedin.com/in/ahmetgoker

Twitter: https://twitter.com/TurkishHoodie_

Instagram: https://www.instagram.com/d4rkc0d3r/

--

--

Ahmet Göker

🧑‍💻 Security Researcher || Sociologist