Reversing games vs other
brando
September 21st, 2009, 21:01
Is reversing games to find memory locations for the purpose of botting (or cheating) the same general steps of reverse engineering any other software product?
I can use Cheat Engine to find addresses, but I'd like to get in a little further so that I can find more interesting addresses such as NPC ids and maybe the "loot" function address so I can call it from my bot instead of using key combos.
Just trying to figure out where to get started. There is a lot of info out there on the subject, but I'm not really finding much in the way of tutorials directed at games and reversing for the sake of cheating them. Finding a lot about getting around serial protections or for finding undocumented APIs in Windows libraries or whatever.
But maybe it doesn't matter and if I just go through those things I'll eventually figure it out?
D-Jester
September 21st, 2009, 22:53
Guessing by your use of the word "NPC", I am guessing you're referring to Warcraft?
The answer to your question is yes and no.
You can essentially bot/cheat using memory patching, but keep in mind the game is designed to look for that activity. Warden is the name of its protection, I believe. Another thing to keep in mind is that NPCs are controlled server side. While you can make them spawn using memory patching, the server requests to interact may go ignored, or cause a disconnection.
Technically that does fall under the scope of reverse engineering, but there are many different aspects of it. You'll need to learn to look for CRC and MD5, as those are common process integrity checks to detect memory patching. Assembly language knowledge is required for that, as you will need to debug the process as it's running and connected.
You may also want to work from trial accounts rather than a personal account, to try to prevent account bans.
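As an added illustration (not code from the thread or from any game) of the CRC/MD5 process integrity checks D-Jester mentions, seen from the anti-tamper side: a baseline hash of a code region is recorded at start-up and later snapshots are compared against it, so a patched byte is flagged and located. The code bytes are constructed sample data, not real game code.

```python
import hashlib
import zlib

# Constructed sample: stands in for a snapshot of a game's code section.
# It is an arbitrary x86-looking byte string, not real game code.
BASELINE_CODE = bytes.fromhex(
    "5589e583ec10c745fc00000000837dfc0a7d0e8b45fc83c0018945fcebec"
)


def code_crc(region: bytes) -> int:
    """CRC32 over the region: the cheap check a game can afford to run often."""
    return zlib.crc32(region) & 0xFFFFFFFF


def code_md5(region: bytes) -> str:
    """MD5 over the region: the stronger check, typically run less frequently."""
    return hashlib.md5(region).hexdigest()


class IntegrityMonitor:
    """Records a baseline at start-up and reports whether a later snapshot differs."""

    def __init__(self, region: bytes) -> None:
        self.expected_crc = code_crc(region)
        self.expected_md5 = code_md5(region)

    def check(self, region: bytes) -> dict:
        crc_ok = code_crc(region) == self.expected_crc
        md5_ok = code_md5(region) == self.expected_md5
        return {"crc_ok": crc_ok, "md5_ok": md5_ok, "tampered": not (crc_ok and md5_ok)}


def first_diff_offset(baseline: bytes, snapshot: bytes):
    """Offset of the first changed byte, or None if the snapshots are identical."""
    for i, (a, b) in enumerate(zip(baseline, snapshot)):
        if a != b:
            return i
    return None if len(baseline) == len(snapshot) else min(len(baseline), len(snapshot))


def overwrite(region: bytes, offset: int, new_bytes: bytes) -> bytes:
    """Return a copy with new_bytes written at offset (stands in for a memory patch)."""
    return region[:offset] + new_bytes + region[offset + len(new_bytes):]


if __name__ == "__main__":
    monitor = IntegrityMonitor(BASELINE_CODE)
    print(monitor.check(BASELINE_CODE))                 # clean snapshot: tampered False
    patched = overwrite(BASELINE_CODE, 8, b"\x90\x90")  # two bytes replaced by NOPs
    print(monitor.check(patched), first_diff_offset(BASELINE_CODE, patched))
```

A check like this only covers the region it hashes, so the game has to decide which regions matter and protect the checking routine itself; that is why the thread stresses understanding the process while it runs rather than just finding addresses.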
JMI
September 21st, 2009, 23:17
Just a "heads up" reminder to those who may not know. It is not necessary to quote the entire previous post to respond to it. It just needlessly adds to the load of the database. On the bottom right of the buttons at the bottom of a post there is one which looks like a page of text with a down arrow on it. That is the "Quick Reply" button and will open a Quick Reply window in which you can type your reply without any quotation of the previous post.
If you do need to quote part of the previous post, or more likely, part of a post further up the thread, please attempt to limit the amount you quote to just the part that may be needed to add clarity to what you reply.
Regards,
AttonRand
September 22nd, 2009, 03:03
OK.
As for your question, reversing is needed for cheating. There exist two kinds of cheats: memory and aimbots. Memory is used to unlock special items or locking addresses so that values won't decrease (see ammo etc). As D-Jester said however, most of these addresses are checked server side (for example life, ammo etc). Instead, aimbots are used for automated tasks. I can't tell you exactly how to hack but I may point out how to reverse a protection (I studied PB one month ago).
Basically PB looks for changed mem addresses, takes random screenshots, checks your running processes for blacklisted cheats and then sends a report to the server. SS are easy to bypass (it looks more like an advertising gimmick). As for mem addresses you have 2 options:
1) Bypass the check in memory (time expensive and difficult)
2) Replace your changed memory with cleaned ones (you just need to redirect the PB check).
I am working on a paper about changing memory: it will cover how to hack Windows' Minesweeper and will be beginner-friendly. I don't know when I will release it, depending on how much spare time I have.
bye
brando
September 22nd, 2009, 08:09
Thanks for your replies,
WoW is what I have been botting for right now, but that is because people have already done the leg work to find all the memory addresses. Basically now I want to know how they found those memory addresses.
I'm aware of Warden and I don't really want to write a hack per se, but maybe for example use some in-game functions to be able to auto loot without having to do shift click on my dead target.
I'm just trying to figure out how to get started with it, obviously going to take me a good while to figure it out.
I'm starting with too large of a project, which is why I'm asking: should I just start with the tutorials I can find? Also has anyone read Reversing: Secrets of Reverse Engineering by Eldad Eilam? I was thinking about picking that up.
Thanks again
AttonRand
September 22nd, 2009, 08:28
I am afraid that you can't start the project you have in mind with little knowledge about reversing. Finding memory addresses is easy; finding and understanding what reads/writes that specified mem address is much more difficult.
If I were you I'd start with some tutes about cracking in general (at the bottom of this page you can find a link to tuts4you, there you can find Lena's tutorials although I suggest Ricardo Narvaja for his clarity), read even some quality papers from ARTeam too if you have time.
Once you understand a bit about asm, you can start using some basic tools like Cheat Engine (if I am not wrong it comes with a very detailed tutorial) or MHS (I used this in my tutorial, it's more RE oriented).
Remember: go slow and neat.
Alex
BanMe
September 22nd, 2009, 08:48
WoWGlider v. Blizzard may be a court case you want to look at before starting a venture like this.
I know I am discouraging, but it's good to know things about the 'target' company and their policies, and the courts' decisions...
regards BanMe
brando
September 22nd, 2009, 11:15
Thanks AttonRand.
BanMe, yeah I've read about that. I'm not planning on making any money on it. Just doing it as a pastime. I don't even play WoW anymore, but there are a lot of future games I might like to bot on but won't have the info readily available to me like in WoW. So I figure now is a good time to learn the hard stuff.
BanMe
September 22nd, 2009, 13:18
Good to hear the enthusiasm, keep strong and dig deep.
Join the revival act, we plan to be doing a lot of teaching in a lot of areas including the ones you mentioned.
regards BanMe
esther
September 23rd, 2009, 08:16
Secrets of Reverse Engineering by Eldad Eilam is for beginners who want to know how to start reverse engineering. Just don't read, just do it! You've got a lot to learn.