Internal C++ Signature Pattern Scanning Tutorial Pt 1/3

Video Link: https://www.youtube.com/watch?v=mKUSLJjlajg
Game: Counter-Strike: Source
Category: Tutorial
Duration: 13:52


In this C++ game hacking tutorial you will learn how to signature scan for specific instructions. The scan gives you a dynamic address, which you can then patch, NOP, hook, or use however you like. Before we start you need to download the SigMaker plugin for OllyDbg and put it in the OllyDbg folder; it generates a nicely formatted signature (pattern) that we can feed to a C++ pattern scan function in our hack. A signature or pattern is sometimes called an array of bytes, or AOB; they are essentially the same thing, and "AOB scan", "sig scan" and "array of bytes scan" are used interchangeably.

Timestamps:
0:00 Introduction
1:12 Getting addresses
6:33 Making signature
10:13 Explaining mask

Pattern Scanning Guide: https://guidedhacking.com/threads/c-external-internal-pattern-scanning-guide.14112/

Support us via Youtube Membership, Patreon or Forum Donations: http://bit.ly/2HkOco9

DOWNLOAD FREE SOURCE CODE: https://guidedhacking.com/showthread.php?3981

We start by getting the addresses of the instructions we want to find with a signature scan, using Cheat Engine. Attach CE to your target game, find a value you consider useful, and then use the 'find what writes to this address' tool so you can view the instructions that modify the value and the sequence of bytes that encodes those instructions.

Now that we have an address, we go to it in OllyDbg and use the SigMaker plugin. We need to select some instructions before running the plugin, because it needs to know which bytes to build the signature from. As a rule of thumb you want the signature to be as short as possible; otherwise the scan gets slow or other problems can arise. Sometimes more than one address is found for the same signature. If this happens you can either make the signature longer or start the pattern a few bytes away from the instruction you want, but in the latter case you then need to add that offset back to get the right address.

Pattern Scanning or Signature Scanning is the art of finding a sequence of bytes in memory which matches a sequence of bytes you already identified. You scan the good regions of memory byte by byte looking for the first byte. When the first byte is found, you compare each subsequent byte against the known pattern. If all the bytes are found, your pattern is found. If your comparison for 1 byte fails, you start over at the next byte.

You pattern scan for CODE, not DATA
Meaning, your signature should be for assembly instructions, which are encoded as bytes, like "mov eax, [esi]". You do not pattern scan for the health integer 100; you pattern scan for the code which accesses that address. When your pattern scan returns the address of the matching instructions, you then read the memory in that area where the address is hardcoded into the instructions, or you hook and pull the value out of a register. If you pattern scan for DATA you will get false positives. There are fringe cases where you will scan for DATA, but that's rare.
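The scan described above in portable C++, as an added example that is not code from the video or the linked guide: a masked byte-pattern search (the same primitive anti-cheat and AV signature engines use), run over a constructed byte buffer standing in for a module's code section. The buffer, the "8B 06 89 05 ?? ?? ?? ??" signature and its masks are constructed for this example; the mask wildcards the hardcoded address so the signature survives when that address changes, every hit is collected so the "more than one address found" case from the previous section is visible, and the address is read back out of the matched instruction as this section explains.

```cpp
#include <cstdint>
#include <cstring>
#include <vector>

// mask: 'x' = byte must match, '?' = wildcard (SigMaker's convention).
static bool MatchesAt(const uint8_t* data, const uint8_t* pattern, const char* mask)
{
    for (; *mask; ++mask, ++data, ++pattern)
        if (*mask == 'x' && *data != *pattern) return false;
    return true;
}
// Collect every matching offset in [base, base+size), scanning byte by byte;
// more than one hit means the signature is not unique in this region.
std::vector<size_t> FindAllPatterns(const uint8_t* base, size_t size,
                                    const uint8_t* pattern, const char* mask)
{
    std::vector<size_t> hits;
    const size_t patLen = std::strlen(mask);
    if (patLen == 0 || patLen > size) return hits;   // never read past the region
    for (size_t i = 0; i + patLen <= size; ++i)
        if (MatchesAt(base + i, pattern, mask)) hits.push_back(i);
    return hits;
}
// Offset of the first match, or -1 when the pattern is absent.
long FindPattern(const uint8_t* base, size_t size, const uint8_t* pattern, const char* mask)
{
    const std::vector<size_t> hits = FindAllPatterns(base, size, pattern, mask);
    return hits.empty() ? -1 : static_cast<long>(hits.front());
}
// Constructed sample "code" (not from any real game): the same mov eax,[esi] /
// mov [addr],eax pair appears twice, each time with a different hardcoded address.
const uint8_t kSampleCode[] = {
    0x55, 0x8B, 0xEC,                    // push ebp; mov ebp, esp
    0x8B, 0x06,                          // mov eax, [esi]
    0x89, 0x05, 0x10, 0x20, 0x30, 0x40,  // mov [0x40302010], eax
    0x8B, 0x06,                          // mov eax, [esi]
    0x89, 0x05, 0x50, 0x60, 0x70, 0x80,  // mov [0x80706050], eax
    0xC3 };                              // ret
// "8B 06 89 05 ?? ?? ?? ??" wildcards the address so the signature survives when
// it changes, but in this buffer it matches twice; one more fixed byte fixes that.
const uint8_t kPattern[]     = { 0x8B, 0x06, 0x89, 0x05, 0, 0, 0, 0 };
const char    kMask[]        = "xxxx????";
const uint8_t kPatternLong[] = { 0x8B, 0x06, 0x89, 0x05, 0, 0, 0, 0, 0xC3 };
const char    kMaskLong[]    = "xxxx????x";
// Little-endian address carried by the matched mov [addr],eax (4 bytes into the match).
uint32_t ReadEmbeddedAddress(const uint8_t* base, size_t hit)
{
    uint32_t addr;
    std::memcpy(&addr, base + hit + 4, sizeof(addr));
    return addr;
}
```

Against a live process the buffer would be the module's committed, readable pages rather than a static array; the matching logic is unchanged.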

Only Scan Good Memory
It is important that you only scan proper memory. If you simply scanned from 0x0 to 0xFFFFFFFFF it would take at least 5 seconds in most processes. You can skip bad regions by checking each region's page attributes with VirtualQueryEx, which fills in a MEMORY_BASIC_INFORMATION structure describing the state of that memory region.

If MEMORY_BASIC_INFORMATION.State is not MEM_COMMIT, the region is bad memory and should be skipped.
If MEMORY_BASIC_INFORMATION.Protect is PAGE_NOACCESS, skip that region as well.

Scan a module's address range, not the entire process
Whenever possible (99% of the time) scan only a module, from its base address to its end. The module's base and size are easily found with CreateToolhelp32Snapshot or by walking the PEB's Ldr module list.

Please don't forget to Like and Subscribe for more videos!!
Follow us on Twitter https://twitter.com/guidedhacking
Like us on Facebook https://www.facebook.com/guidedhacking
Support us on Patreon https://www.patreon.com/user?u=3197693
https://guidedhacking.com
