[Tutorial] Hosthack



p00onu
08-03-2007, 07:51 AM
This is being reposted from the Hacking section.

This tutorial was written by ulliklliwi. All credit goes to him.

HOST HACK

I will be using:
OLLYDBG 1.10
StarCraft Brood War; Patch 1.15


1) StarCraft: attach it to OllyDbg.
2) Start a Local Network game (UDP).
3) We already know that address 0x00596870 holds the boolean for host or not, so we do Ctrl+G in OllyDbg, type 00596870 and push OK.
4) Right click on 0x00596870, Breakpoint->Memory, on access.
5) Create a game; now the breakpoint will break.
6) It breaks at 0x4a7f7e; push F9. (Write down all the offsets you find.)
My offsets of breaks:
4a7f7e
4d3728
4b9420
4d3d47
4d3df7
4d3e31
4c4981
4d3ecf
472116
4512da
451896
7) After hitting F9, Olly will break again, but at a different address, 0x4d3728.
8) Now, after finding all the offsets, Olly won't break anymore because nothing is accessing it.
9) Remove the breakpoint at 0x00596870: Breakpoint->Remove memory breakpoint.
10) Now cancel the game that you created.
11) Go to Olly, Ctrl+G, and put in the 1st offset you found (4a7f7e).
12) Scroll down and look for a jump (JE or JNZ). If you see JNZ then skip it and move on to the next offset in the list.
13) If it's JE, change it to JNZ (hit SPACE BAR), because we're looking for JE jumps, since JE means if zero (false).
14) After finding the jump in line 12, now create a new game. If your drop-down menus are disabled, then you found it. If not, then right click, undo selection. Repeat until you find it.
Note: I found it by 4512da, which I scrolled down from to see 004512E8 JE SHORT StarCraf.004512F1
15) At 0x004512E8 right click, Binary->Fill with NOPs; now you can be host or not and still have host powers.
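
Added example, not part of the original post or tutorial: the two edits described in steps 13 and 15 (a JE flipped to JNZ, or a short conditional jump filled with NOPs) both leave a visible difference between the code in memory and a known-good copy, which an integrity check can flag. The function name, labels and surrounding sample bytes are assumptions constructed for illustration; only the `74 07` encoding follows from the post's `JE SHORT` at 004512E8 targeting 004512F1.

```python
NOP = 0x90
JCC_SHORT = range(0x70, 0x80)  # one-byte Jcc rel8 opcodes (0x74 = JE, 0x75 = JNZ)


def find_jump_tampering(reference: bytes, live: bytes, base: int):
    """Diff a known-good code image against live bytes.

    Returns (address, kind, old_hex, new_hex) tuples. Classification is a
    heuristic: without a disassembler a byte in 0x70-0x7F may be an operand,
    so any reported change deserves a look, whatever its label.
    """
    if len(reference) != len(live):
        raise ValueError("images must cover the same address range")
    findings = []
    i = 0
    while i < len(reference):
        if reference[i] == live[i]:
            i += 1
            continue
        old, new = reference[i:i + 2], live[i:i + 2]
        kind, width = "modified", 1
        if reference[i] in JCC_SHORT and len(old) == 2:
            if new == bytes([NOP, NOP]):
                kind, width = "jcc-nop-filled", 2
            elif new[0] == old[0] ^ 1 and new[1] == old[1]:
                kind, width = "jcc-inverted", 2  # e.g. JE <-> JNZ
        findings.append((base + i, kind, old[:width].hex(), new[:width].hex()))
        i += width
    return findings


# Constructed sample bytes (not real game code). Only the "74 07" at offset 8
# follows from the post: JE SHORT at 004512E8 targeting 004512F1.
BASE = 0x004512E0
REFERENCE = bytes.fromhex("8b 45 08 85 c0 5e 33 c9 74 07 8b 55 fc 41 c3")
NOP_FILLED = REFERENCE[:8] + b"\x90\x90" + REFERENCE[10:]
INVERTED = REFERENCE[:8] + b"\x75" + REFERENCE[9:]

if __name__ == "__main__":
    for label, image in (("nop-filled", NOP_FILLED), ("inverted", INVERTED)):
        for addr, kind, old, new in find_jump_tampering(REFERENCE, image, BASE):
            print(f"{label}: {addr:#010x} {kind} {old} -> {new}")
```
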

khw4117
11-16-2008, 07:16 AM
Thanks. :-)