Now to your question:
"How in the hell do you update it by changing some stuff in the C++ code?"
A hack is basically built on the game engine. But we can't just use the engine as it is, we need to get the addresses of the engine classes, because the engine gets initialized in the game process. Since we are making a DLL we can just use the address directly. Now the game developers or engine developers can change some things in THEIR engine classes, which leads to the point where OUR engine class is outdated. We need to pad the class then.
A class is like a bunch full of addresses, all with their own size. A virtual is 4 bytes big; integer, __int32, char etc. are 4 bytes big. Byte and bool are 1 byte big. When it comes to padding there are different methods. Normally we just look up the new class in ReClass and then we see how much we need to pad. Let's say we have this class:
Code:
class cPadExample
{
public:
    virtual void shootWeapon();
    virtual void selfKill();
    virtual int GetKills();
    virtual int GetDeaths(); // this whole virtual block is one vtable pointer: always 4 bytes (32-bit), no matter how many virtuals
    int ammo;                // 4 bytes big - integer
    bool isShooting;         // 1 byte big - boolean
};                           // 4 + 4 + 1 = 9 bytes of members (sizeof rounds up to 12 for alignment)
Now the developers think: hey, let's add another cool function.
Their class will look like this:
Code:
class cPadExample
{
public:
    virtual void shootWeapon();
    virtual void selfKill();
    virtual int GetInfections();
    virtual int GetKills();
    virtual int GetDeaths();  // this whole virtual block is still one vtable pointer: always 4 bytes, no matter how many virtuals
    int staminaStemulation;   // 4 bytes big - integer (new)
    int ammo;                 // 4 bytes big - integer
    bool isShooting;          // 1 byte big - boolean
};                            // 4 + 4 + 4 + 1 = 13 bytes of members (sizeof rounds up to 16 for alignment)
We dont need the new things, so we just pad the class like this:
Code:
class cPadExample
{
public:
    virtual void shootWeapon();
    virtual void selfKill();
    virtual void function0();  // dummy virtual: keeps GetKills/GetDeaths at the right vtable index
    virtual int GetKills();
    virtual int GetDeaths();   // this whole virtual block is still one vtable pointer: always 4 bytes, no matter how many virtuals
    int iUnknown;              // 4 bytes big - integer pad for the new field we don't use
    int ammo;                  // 4 bytes big - integer
    bool isShooting;           // 1 byte big - boolean
};                             // 4 + 4 + 4 + 1 = 13 bytes of members (sizeof rounds up to 16 for alignment)
But we could also use a char or whatever for the unknown, the size just needs to be right. For bigger pads we use arrays of bytes or chars. Chars for really big sizes, since chars are 4 bytes. See:
BYTE pad_01[0x5D]; //pads the class for 5D bytes...
char pad_01[17]; //pads the class for 5D bytes...
Both do the same, but at first glance they have different sizes.
Also, because developers change code, they change the addresses we need for the classes, or other addresses. That's why we make patterns.
They look for a known byte signature, or better said:
Code:
killThePlayer();
enemy.deaths += 1;
player.kills += 1;
This means in ASM:
Code:
CALL 0xDEADBEEF
ADD byte ptr ds:[0xDEADBEE1], 1
ADD byte ptr ds:[0xDEADBEE2], 1
When we make a signature now, we shouldn't use all three of these instructions in it. Look, what if they add something after calling killThePlayer?
But what will they never destroy? Yes, the two ADDs, because it's their programming style not to add something between them, so we make a byte signature from them!
But if there's nothing like this, and you don't know what they will change and what not, search for static pointers. This method is good for something like this. Example: we are searching static pointers for this address (0xDEADBEEF).
We will get as a result ALL non-dynamic (static) addresses which handle something with this address, like the
Now we make a signature of this address instead of 0xDEADBEEF, and we always have the right pointer if they don't change something in the region of the call.
However, I hope you understood this, and never, ever call me an asshole. I'm pissed off because I have written something like this many times, and I don't like it when some noobs call me a noob. If you have more questions then ask, but look at your spelling. Your first question wasn't really nicely spelled.
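Worked example added by the editor, not code from the post above. It puts both halves of the reply into runnable C++: a hack-side mirror of the updated class that pads the virtual block and the unneeded int with plain byte arrays (so the mirror works in 32- and 64-bit builds alike), plus a wildcard byte-signature scanner run over a constructed x86 byte buffer for the "call; add; add" sequence. `EngineClassV2`, `PaddedMirror`, the two sample byte buffers and the signature strings are all assumptions made for this example; the only things taken from the post are the instruction sequence and the 0xDEADBEE1/0xDEADBEE2 addresses. The `ADD byte ptr [disp32], 1` encoding (`80 05 disp32 01`) is the standard 32-bit x86 encoding.

```cpp
#include <cstddef>
#include <cstdint>
#include <optional>
#include <sstream>
#include <string>
#include <vector>
// ---- 1. Padding a hack-side mirror of an engine class ----------------------
// Hypothetical engine class after an update (constructed for this example): the
// developers inserted a virtual and an int in front of the two fields we read.
struct EngineClassV2 {
    virtual void shootWeapon() {}
    virtual void selfKill() {}
    virtual int  GetInfections() { return 0; }
    virtual int  GetKills()      { return 0; }
    virtual int  GetDeaths()     { return 0; }
    int  staminaStimulation = 0;
    int  ammo               = 0;
    bool isShooting         = false;
};
// Hack-side mirror. We never call the virtuals, so the whole virtual block is
// padded as one pointer-sized blob, and the new int is skipped with a 4-byte
// array instead of being named. Only the sizes have to be right.
struct PaddedMirror {
    char pad_vtable[sizeof(void*)];  // vtable pointer: always one pointer wide
    char pad_00[4];                  // staminaStimulation: not needed, just skipped
    int  ammo;
    bool isShooting;
};
int  read_ammo(const void* obj)        { return reinterpret_cast<const PaddedMirror*>(obj)->ammo; }
bool read_is_shooting(const void* obj) { return reinterpret_cast<const PaddedMirror*>(obj)->isShooting; }
// The check to run after every pad: do the member offsets still line up?
bool mirror_layout_matches() {
    EngineClassV2 e;
    const char* base = reinterpret_cast<const char*>(&e);
    std::ptrdiff_t ammo_off  = reinterpret_cast<const char*>(&e.ammo) - base;
    std::ptrdiff_t shoot_off = reinterpret_cast<const char*>(&e.isShooting) - base;
    return ammo_off  == static_cast<std::ptrdiff_t>(offsetof(PaddedMirror, ammo)) &&
           shoot_off == static_cast<std::ptrdiff_t>(offsetof(PaddedMirror, isShooting));
}
// ---- 2. Byte signatures that survive an update ------------------------------
// Signature text: hex bytes separated by spaces, "?" for a byte we do not care about.
struct Signature { std::vector<uint8_t> bytes; std::vector<bool> mask; };
Signature parse_signature(const std::string& text) {
    Signature sig; std::istringstream in(text); std::string tok;
    while (in >> tok) {
        bool wild = (tok == "?" || tok == "??");
        sig.bytes.push_back(wild ? 0 : static_cast<uint8_t>(std::stoul(tok, nullptr, 16)));
        sig.mask.push_back(!wild);
    }
    return sig;
}
// Linear scan of a memory buffer; wildcarded positions match anything.
std::optional<size_t> find_pattern(const std::vector<uint8_t>& mem, const Signature& sig) {
    if (sig.bytes.empty() || mem.size() < sig.bytes.size()) return std::nullopt;
    for (size_t i = 0; i + sig.bytes.size() <= mem.size(); ++i) {
        bool hit = true;
        for (size_t j = 0; j < sig.bytes.size() && hit; ++j)
            hit = !sig.mask[j] || mem[i + j] == sig.bytes[j];
        if (hit) return i;
    }
    return std::nullopt;
}
uint32_t read_u32_le(const std::vector<uint8_t>& mem, size_t off) {
    return uint32_t(mem[off]) | uint32_t(mem[off + 1]) << 8 | uint32_t(mem[off + 2]) << 16 | uint32_t(mem[off + 3]) << 24;
}
// Constructed x86 bytes for "call killThePlayer; add byte [deaths],1; add byte
// [kills],1" as in the post: E8 rel32, then 80 05 disp32 01 twice.
std::vector<uint8_t> sample_code_v1() {
    return {0x55, 0x8B, 0xEC,                         // push ebp; mov ebp, esp
            0xE8, 0x10, 0x00, 0x00, 0x00,             // call killThePlayer
            0x80, 0x05, 0xE1, 0xBE, 0xAD, 0xDE, 0x01, // add byte ptr [0xDEADBEE1], 1
            0x80, 0x05, 0xE2, 0xBE, 0xAD, 0xDE, 0x01, // add byte ptr [0xDEADBEE2], 1
            0xC3};                                    // ret
}
// Same code after the "update": the developers put a mov after the call.
std::vector<uint8_t> sample_code_v2() {
    return {0x55, 0x8B, 0xEC,
            0xE8, 0x10, 0x00, 0x00, 0x00,
            0xB8, 0x01, 0x00, 0x00, 0x00,             // mov eax, 1   (new)
            0x80, 0x05, 0xE1, 0xBE, 0xAD, 0xDE, 0x01,
            0x80, 0x05, 0xE2, 0xBE, 0xAD, 0xDE, 0x01,
            0xC3};
}
// Fragile: anchors on the call too, so anything inserted after it breaks the match.
const char* const SIG_FRAGILE = "E8 ? ? ? ? 80 05 ? ? ? ? 01 80 05 ? ? ? ? 01";
// Robust: only the two adds, with the addresses wildcarded since they move.
const char* const SIG_ROBUST  = "80 05 ? ? ? ? 01 80 05 ? ? ? ? 01";
// Find the two adds and pull the deaths address out of the first one, so the
// hack gets the right pointer even after the address itself changed.
std::optional<uint32_t> find_deaths_address(const std::vector<uint8_t>& code) {
    auto at = find_pattern(code, parse_signature(SIG_ROBUST));
    if (!at) return std::nullopt;
    return read_u32_le(code, *at + 2);  // skip the 80 05 opcode/ModRM bytes
}
```

Against the constructed buffers, the fragile signature matches the first version and fails on the second, while the two-ADD signature matches both and still yields 0xDEADBEE1; in a real DLL the scan would run over the game module's code section rather than a local vector. `mirror_layout_matches()` is the kind of assertion worth keeping next to every padded class so a layout drift shows up on the first run instead of as silent garbage reads.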