Hacking health old games - DOOM 1/HL

[Ezilkannan]

Hi,
I have been trying to use simple memory search/editing to hack old games like DOOM 1 and Half Life. However, even though I narrow down to the address and freeze the value, I still end up dying. What am I doing wrong?

 

[Bloodybone]

Hi,
I have been trying to use simple memory search/editing to hack old games like DOOM 1 and Half Life. However, even though I narrow down to the address and freeze the value, I still end up dying. What am I doing wrong?

In a game like Half Life or games made with source there is a client.dll and a server.dll That means that you probably locked the graphical adress you can try locking every adress and see what adress is the right one or you can rightclick on an adress choose find out what writes to this adress and then click onto show disassembler and look at the left and if you see client.dll its the wrong adress and if you see server.dll than it is the right on.

 

[Ezilkannan]

Hi,
I have been trying to use simple memory search/editing to hack old games like DOOM 1 and Half Life. However, even though I narrow down to the address and freeze the value, I still end up dying. What am I doing wrong?

In a game like Half Life or games made with source there is a client.dll and a server.dll That means that you probably locked the graphical adress you can try locking every adress and see what adress is the right one or you can rightclick on an adress choose find out what writes to this adress and then click onto show disassembler and look at the left and if you see client.dll its the wrong adress and if you see server.dll than it is the right on.

Tried that. But I am unable to freeze or change the value for that address. It updates too fast, tried setting the update and freeze interval to 1ms didn't work. Tried pointer scan, one of the expected pointer address returned no results so I guess its the other one, however there is no expected value in this one. Just "push word or doubleword onto the stack(sign extended)". I don't know how to proceed further. Changing the code to nop crashes the game so can't do that.

 

[Bloodybone]

I made a video showing how to find Health. I used Half Life 2 for it but i was made with the same engine, I hope it helps

Video showing how to find Health

 

[Ezilkannan]

I made a video showing how to find Health. I used Half Life 2 for it but i was made with the same engine, I hope it helps

Video showing how to find Health

That didn't work. Like I said, some of the address cannot be changed/frozen. It is updated back to the original value anyway

 

[Bloodybone]

I made a video showing how to find Health. I used Half Life 2 for it but i was made with the same engine, I hope it helps

Video showing how to find Health

That didn't work. Like I said, some of the address cannot be changed/frozen. It is updated back to the original value anyway

Try locking every adress you found at once and see if you can still get killed

 

[Ezilkannan]

I made a video showing how to find Health. I used Half Life 2 for it but i was made with the same engine, I hope it helps

Video showing how to find Health

That didn't work. Like I said, some of the address cannot be changed/frozen. It is updated back to the original value anyway

Try locking every adress you found at once and see if you can still get killed

Tried that too. Every address seem to be reverting back to the actual value even when I freeze/change it at 1ms. It seems the game is updating it faster than CE can freeze/update.

 

[Bloodybone]

That didn't work. Like I said, some of the address cannot be changed/frozen. It is updated back to the original value anyway

Try locking every adress you found at once and see if you can still get killed

Tried that too. Every address seem to be reverting back to the actual value even when I freeze/change it at 1ms. It seems the game is updating it faster than CE can freeze/update.

I think that all of them are graphical adresses then... You could maybe Backtrace a graphical one and get to the real one

 

[Blayde]

Half-Life v1.1.1.1

 

[Ezilkannan]

Half-Life v1.1.1.1

This health script affects the monsters too :lol:

 

[Blayde]

Half-Life v1.1.1.1

This health script affects the monsters too :lol:

UuuuPS :mrgreen:

[ENABLE]
aobscanmodule(health,hl.dll,D8 64 24 64 D9 98 60 01 00 00)
alloc(newmem,$100)

label(code)
label(return)

newmem:
  cmp [eax+104],0
  jne code
  fstp dword ptr [eax+00000160]
  mov [eax+00000160],(float)100
  jmp return

code:
  fsub dword ptr [esp+64]
  fstp dword ptr [eax+00000160]
  jmp return

health:
  jmp newmem
  nop
  nop
  nop
  nop
  nop
return:
registersymbol(health)

[DISABLE]
health:
  db D8 64 24 64 D9 98 60 01 00 00
unregistersymbol(health)
dealloc(newmem)

 

[Ezilkannan]

Half-Life v1.1.1.1

This health script affects the monsters too :lol:

UuuuPS :mrgreen:

[ENABLE]
aobscanmodule(health,hl.dll,D8 64 24 64 D9 98 60 01 00 00)
alloc(newmem,$100)

label(code)
label(return)

newmem:
  cmp [eax+104],0
  jne code
  fstp dword ptr [eax+00000160]
  mov [eax+00000160],(float)100
  jmp return

code:
  fsub dword ptr [esp+64]
  fstp dword ptr [eax+00000160]
  jmp return

health:
  jmp newmem
  nop
  nop
  nop
  nop
  nop
return:
registersymbol(health)

[DISABLE]
health:
  db D8 64 24 64 D9 98 60 01 00 00
unregistersymbol(health)
dealloc(newmem)

That worked! thanks