  1. #1
    carvv

    Memory Scanning & Detection

    Hello All,

    First post here, please be kind. I know C++ and have been in comp sci for a while, but I'm a beginner game hacker. I'm trying to write an aimbot for Overwatch. It seems the first step is to find the memory structures representing my player's attributes and the other players' attributes. However, immediately upon attaching CheatEngine to begin scanning for values, the game crashes. I have to assume that Overwatch has some way to recognize and terminate when CheatEngine is attached. Do you think that is what's happening? Do you know if there's a workaround? I have been trying to write my own simple CheatEngine-like scanner, but I'm struggling a bit. Most memory reading and modifying tutorials assume you already know the memory address. Can anyone point me to a tutorial on scanning the entire memory footprint of another process in C++ similar to how CheatEngine does it? My assumption is that Overwatch cheat detection will not detect my custom scanner and terminate itself.

    Thanks,


    Carvv

  2. #2
    Hitokiri~
    Making an aimbot for someone who just got out of learning C++ is a bit too "expecting".
    I'd recommend you start off on some simple wallhacks instead.

    As for that game, I can't personally tell you what's wrong but most likely they got some anti-debugging tricks.
    There are a few methods to bypass this. ( Such as using OllyDbg with anti-antidebug plugins )

    Also memory scanning is VERY complex. ( Well not complex to someone who's very based in PE formats. )
    At the very least, it'd require you to:
    - Parse the PE header for the game
    - Determine sections and appropriate access permissions
    - Determine which sections could be recognized as strings
    - Scan for either multi-byte ( UTF8 ) or wide byte ( UTF16 ) strings by calculating the start/end of a section in memory.
    - If you're planning to do memory editing via assembly, even more complex. You'd require an opcode disassembler.

    You could try:
    - Rebuilding Cheat Engine itself. ( Altering the process name, title, checksum etc. )
    - Using something other than Cheat Engine ( IDA, Immunity Debugger or OllyDbg works wonders here. )
    - Use a ring0 debugger ( One popular example is SoftICE )
    - Resort to static analysis rather than dynamic analysis.
    - Use another tool such as ReClass to construct your structures.
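
The first two steps in the list above (parse the PE header, then determine sections and their access permissions), as an added example that is not part of the original post. It is static analysis over a constructed in-memory image; `parse_sections`, `holds_data` and `sample_image` are names chosen here, and the sample bytes are made up for the demonstration.

```cpp
#include <cstdint>
#include <cstring>
#include <stdexcept>
#include <string>
#include <vector>

struct Section { std::string name; bool r, w, x; };
// Readable but not executable: where string data normally lives.
inline bool holds_data(const Section& s) { return s.r && !s.x; }

// Bounds-checked little-endian read; truncated input throws instead of overreading.
static uint32_t rd(const std::vector<uint8_t>& b, size_t off, size_t n) {
    if (off > b.size() || b.size() - off < n) throw std::runtime_error("truncated PE image");
    uint32_t v = 0;
    for (size_t i = 0; i < n; ++i) v |= uint32_t(b[off + i]) << (8 * i);
    return v;
}

// Walk the section table and decode each section's memory permissions.
std::vector<Section> parse_sections(const std::vector<uint8_t>& img) {
    if (rd(img, 0, 2) != 0x5A4D) throw std::runtime_error("missing MZ signature");
    size_t pe = rd(img, 0x3C, 4);                      // e_lfanew: offset of "PE\0\0"
    if (rd(img, pe, 4) != 0x4550) throw std::runtime_error("missing PE signature");
    size_t count = rd(img, pe + 6, 2);                 // NumberOfSections
    size_t table = pe + 24 + rd(img, pe + 20, 2);      // skip COFF and optional headers
    std::vector<Section> out;
    for (size_t i = 0; i < count; ++i) {
        size_t h = table + 40 * i;                     // IMAGE_SECTION_HEADER is 40 bytes
        uint32_t ch = rd(img, h + 36, 4);              // Characteristics; also bounds-checks the header
        std::string name;                              // up to 8 bytes, NUL-padded
        for (size_t k = 0; k < 8 && img[h + k]; ++k) name += char(img[h + k]);
        out.push_back({name, (ch & 0x40000000u) != 0, (ch & 0x80000000u) != 0, (ch & 0x20000000u) != 0});
    }
    return out;
}

// Constructed sample: MZ/PE signatures plus three section headers, no optional header.
std::vector<uint8_t> sample_image() {
    std::vector<uint8_t> b(0x58 + 3 * 40, 0);
    auto put = [&](size_t o, uint32_t v, size_t n) { while (n--) { b[o++] = uint8_t(v); v >>= 8; } };
    put(0, 0x5A4D, 2); put(0x3C, 0x40, 4); put(0x40, 0x4550, 4); put(0x46, 3, 2);
    const char* names[] = {".text", ".rdata", ".data"};
    const uint32_t flags[] = {0x60000020u, 0x40000040u, 0xC0000040u};  // r-x, r--, rw-
    for (size_t i = 0; i < 3; ++i) {
        std::memcpy(&b[0x58 + 40 * i], names[i], std::strlen(names[i]));
        put(0x58 + 40 * i + 36, flags[i], 4);
    }
    return b;
}
```

A section that comes back both writable and executable is worth a second look during triage, since compilers do not normally emit one.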

  3. #3
    carvv
    Thank you for your very helpful post. I agree that an aimbot is maybe a bit too ambitious of a first project. But, I will be content if this takes 6 months and I learn a lot. That's good enough for me.

    I have found some success and good code examples. I would post links to those code examples, but I'm not allowed yet. Overwatch was indeed stopping CheatEngine specifically because Overwatch continued to function while my own simple scanner worked well. I'm using VirtualQueryEx and ReadProcessMemory to find my own name in the process memory for Overwatch. This is a very small but important first step. Next, I'll try to find the offset from the base address and begin exploring the memory near my own name in the hopes that the x, y, and z coordinates are in the same data structure and in close proximity. Then, if I can find the distance between player data structures or if they are part of some linked list, I can find the coordinates of other players too. If I start to have some success, I'll share my information in the Overwatch forum.

    You seem experienced, so if you have any advice or links with respect to aimbots, please share and point me in the right direction. :-) Thanks again.
    Last edited by carvv; 07-24-2016 at 04:51 PM.
