Archives de
Catégorie : Cheats

Warsow, first assault (bonus)

Warsow, first assault (bonus)

Introduction This article is the continuation of the last post about Warsow. In this one, we will see how to achieve the same result than the useless tool describes previously but, this time, with a shared library. The theory If you read the article series about shared library injection, the method exposed here will not be hard to understand. This one relies on the same few steps already described: Get the base address of libcgame_x86_64.so. Compute the opponent position address….

Lire la suite Lire la suite

Warsow, first assault (part 2)

Warsow, first assault (part 2)

Introduction In this post, we will continue to play with Warsow (see the first article) and exposes some basic knowledge about pointers paths and /proc/mem. Pointers paths? I don’t know if pointers paths is the real name but I’ll use it in the rest of the article. Last day, we saw where is the struct of the first opponent in our Warsow memory. However, due to the ASLR, the struct location changes between two executions. Thus we need a little…

Lire la suite Lire la suite

Warsow, first assault (part 1)

Warsow, first assault (part 1)

Introduction I wrote this short post to give some news about my journey in the cheats development. Unfortunately, I didn’t have time to work on it. I just resumed my researches and I take this opportunity to write a very basic article in English. The last hour, I made a simple proof of concept allowing to retrieve some data about an opponent on Warsow (a FPS game). To be more precise, the goal was to develop a tool that get…

Lire la suite Lire la suite

Shared library injection into a Linux process (bonus)

Shared library injection into a Linux process (bonus)

Introduction This bonus article describes a second easy method to retrieve a symbol address into a process. The first method was exposed here. As explained previously, the injected lib is loaded into the victim process (yeah, that’s the goal) but also into the injector in order to compute an offset. This last loading can cause several drawbacks: Load a library just to compute an offset may be overkill. If the library contains some constructors, these ones will be run into…

Lire la suite Lire la suite

Shared library injection into a Linux process (part 2)

Shared library injection into a Linux process (part 2)

Introduction In the last article, we saw how to retrieve a function pointer into the memory of a process as well as the theory about shared library injection and . As a reminder, here are the steps to inject a library: Compute the address of __libc_dlopen_mode into the victim process. Attach the victim process with ptrace. Modify the victim process to make it execute the __libc_dlopen_mode function. So, in this article we will see how to interfere with the execution…

Lire la suite Lire la suite

Shared library injection into a Linux process (part 1)

Shared library injection into a Linux process (part 1)

Introduction Since my childhood, I wanted to know how do game cheats work. And because it has been a long time since I haven’t touch any process from the inside, the time has come! In this article series, I will show some of my works about cheats development. I just began this long journey and I don’t even know yet if I will finish it (yeah, procrastination). As explain into the title, in this article I describe the first part…

Lire la suite Lire la suite