Memory Hacking: Fistful of Frags


This is my first completed and polished memory hacking project: a 3D video game cheat which gives the cheater information about other players and locks onto targets. Using the Windows API from C++, a handle is opened to the game process and various byte-pattern scans are executed on the game's executable module. The pattern scans locate pointers that dereference to game objects on the heap, and they are also how the cheat copes with ASLR, since the module's base address changes on every launch and absolute addresses cannot simply be hard-coded.

[Screenshot: results of the pattern scans]

The screenshot above shows the results of the pattern scans, such as the player base which is a collection of player objects.

Player Base (0x2C0B0ACB) + 0x4 = Player ("Rusty Shackleford") + 0x8 = Weapon (shotgun)
Player Base (0x2C0B0ACB) + 0x8 = Player ("BOT Sentenza") + 0x8 = Weapon (python)
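The wildcard signature scan the post relies on is the same primitive that anti-cheat and AV signature engines use to recognize code regardless of where ASLR places it. The following is an added example, not code from the original post: it parses an IDA-style pattern string, scans a constructed byte buffer standing in for a module image (no live process is opened), and reads back the operand that the wildcards skipped. The instruction bytes and the "8B 0D ? ? ? ? 85 C9" signature are constructed for illustration and are not taken from the game.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <sstream>
#include <string>
#include <vector>

// One byte of a signature: a concrete value, or a wildcard that matches anything.
struct PatternByte {
    uint8_t value;
    bool wildcard;
};

// Parse an IDA-style signature such as "8B 0D ? ? ? ? 85 C9".
// Tokens "?" or "??" are wildcards; anything else is a two-digit hex byte.
std::vector<PatternByte> parsePattern(const std::string& text) {
    std::vector<PatternByte> out;
    std::istringstream in(text);
    std::string tok;
    while (in >> tok) {
        if (tok == "?" || tok == "??") {
            out.push_back({0, true});
        } else {
            out.push_back({static_cast<uint8_t>(std::stoul(tok, nullptr, 16)), false});
        }
    }
    return out;
}

// Return the offset of the first match of `pat` inside `buf`, or -1 if absent.
long findPattern(const std::vector<uint8_t>& buf, const std::vector<PatternByte>& pat) {
    if (pat.empty() || pat.size() > buf.size()) return -1;
    for (size_t i = 0; i + pat.size() <= buf.size(); ++i) {
        bool hit = true;
        for (size_t j = 0; j < pat.size(); ++j) {
            if (!pat[j].wildcard && buf[i + j] != pat[j].value) { hit = false; break; }
        }
        if (hit) return static_cast<long>(i);
    }
    return -1;
}

// Convenience wrapper: scan with a text pattern.
long scanText(const std::vector<uint8_t>& buf, const std::string& pattern) {
    return findPattern(buf, parsePattern(pattern));
}

// Constructed sample "module image" (not real game bytes): filler around a
// 32-bit `mov ecx, [disp32]` (opcode 8B 0D) whose 4-byte operand is what a
// signature must wildcard, because it changes whenever the module is relocated.
const std::vector<uint8_t> kSampleModule = {
    0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x10,   // push ebp; mov ebp,esp; sub esp,10h
    0x8B, 0x0D, 0x78, 0x56, 0x34, 0x12,   // mov ecx, [0x12345678]
    0x85, 0xC9,                           // test ecx, ecx
    0x74, 0x05,                           // jz +5
    0xC3                                  // ret
};

// Read the little-endian 32-bit operand that follows a matched "8B 0D" opcode.
uint32_t operandAt(const std::vector<uint8_t>& buf, size_t offset) {
    uint32_t v = 0;
    for (int k = 3; k >= 0; --k) v = (v << 8) | buf[offset + 2 + k];
    return v;
}

int main() {
    long off = scanText(kSampleModule, "8B 0D ? ? ? ? 85 C9");
    if (off < 0) { std::puts("no match"); return 1; }
    std::printf("match at +0x%lX, operand 0x%08X\n", off, operandAt(kSampleModule, off));
    return 0;
}
```

The point of the wildcards is visible in the sample: a signature that included the four operand bytes would break as soon as the module loaded at a different base, while the opcode bytes around it stay stable across relocations. That same property is why defenders prefer masked signatures over raw byte strings.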

Each player also contains a vector coordinate of their location, which can then be translated from 3D to 2D by using values found in the game's view-matrix table (another structure that has to be located in memory). The hardest challenge for me was finding the bone structure of player models, which contains the 3D vector positions of the head, chest, hands, etc. Since this game is built on the Source engine, there is an occlusion culling feature which stops the rendering of these bone structures when the player model is occluded. In the video below you can see this in action: a green crosshair only appears when I'm able to find the bone structure of the target's model; otherwise it's just the green bounding box, which is based strictly on the player coordinates and a simple height value.
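The 3D-to-2D translation mentioned above is the standard graphics projection, written out here as an added worked derivation rather than anything taken from the post. Assume the view-matrix table is a $4 \times 4$ view-projection matrix $M$ with entries $M_{ij}$ (row $i$, column $j$; the row-major layout is an assumption) and the player position is $p = (x, y, z)$.

$$
\begin{aligned}
c_x &= M_{00}x + M_{01}y + M_{02}z + M_{03}, \\
c_y &= M_{10}x + M_{11}y + M_{12}z + M_{13}, \\
w   &= M_{30}x + M_{31}y + M_{32}z + M_{33}.
\end{aligned}
$$

If $w \le 0$ the point is at or behind the camera plane and must be discarded, because dividing by $w$ would mirror it onto the screen. Otherwise the normalized device coordinates are $n_x = c_x / w$ and $n_y = c_y / w$, each in $[-1, 1]$ for visible points, and for a viewport of width $W$ and height $H$ the pixel position is

$$
s_x = \frac{W}{2}\,(1 + n_x), \qquad s_y = \frac{H}{2}\,(1 - n_y),
$$

with the sign flip on $y$ because screen space grows downward while clip space grows upward. The bounding box in the video follows from projecting the player origin and the origin plus the height value and taking the two resulting screen points as the box's bottom and top.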