Author Topic: Speedmod-apping - the lost tutorial  (Read 900 times)

Crossmol

Speedmod-apping - the lost tutorial
« on: January 29, 2007, 04:59:44 pm »
Lost and revived:

Code:
A cheat which will either be part of a multicheat/mod-app or an external program intended for speeding up Windows programs. This type of cheat will allow the offending player to move quicker than he should be allowed.

This is the truth- but not the whole truth.  Not only can we move quickly- we can shoot faster; cast spells quicker, steal flags (sometimes even spawn quicker/instantly!) etc.  The whole game engine is running on ecstasy- as if you fed it right into your CPU!  This leaves us with endless possibilities when it comes to cheating in games.

How is it done?

All games rely on keeping track of time/time intervals by calling into some OS provided function(s).  For a complete list of Windows timing functions- visit the MSDN developer section here.

The most popular of the above list, by far- is QueryPerformanceCounter()- due to its rather impressive accuracy.  GetTickCount() is frequently used in older games- or in games where the accuracy of time is not an important factor.

How can you tell which method the game is using to keep track of time?

I've found, the only way to be 100% sure you've got the right one, is by trial and error.  Odds are either GetTickCount() or QueryPerformanceCounter().

If the game uses GetTickCount()

Because GetTickCount() does not call any other lower level functions in Windows- we can hook it using a technique known as 'detour patching'.  Here we first locate the definition of the function in memory- save the first few bytes and then overwrite them with an unconditional x86 jump (JMP) to our code.  Our code then executes these overwritten instructions- may pass control to the original- and finally modifies its outputted values etc. For more information, and an easy to use API for hooking functions this way- download MS Detours here.  (The 'sleep' sample is an excellent and simple example- that shows you everything you need to know to get started).

Here is an example of my hooked speed function:

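Code:

// Detour for GetTickCount(); pOrigGetTickCount points at the original function.
DWORD NewGetTickCount()
{
    DWORD retVal;
    retVal = pOrigGetTickCount();      // real tick count from the original

    return (retVal * speedMultiple);   // scaled value handed back to the caller
}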


If the game uses QueryPerformanceCounter()
[or is a stub into a kernel-mode function]

In a nutshell, the job of most kernel32.dll functions is to prepare any required parameters for the NTDLL.dll related function- and then to call it.  This wrapper type function in NTDLL.dll does hardly anything too- it loads eax with the call number of the low-level system service defined in ntoskrnl.exe (varies with each service pack), has the edx register point to the first argument of this function, and then executes the x86 instruction syscall- which switches the current thread to privileged kernel mode (ring 0)- where the real function is executed in the Windows kernel.

So, here is an example of the steps taken by the Windows OS when the game engine calls QueryPerformanceCounter() ->

call QueryPerformanceCounter() (in game engine) -> kernel32.dll!QueryPerformanceCounter() -> ntdll.dll!Nt/ZwQueryPerformanceCounter() -> ntoskrnl.exe!ZwQueryPerformanceCounter().

And when processing completes- control is passed backwards up through all the functions again ->

ntoskrnl.exe!ZwQueryPerformanceCounter() returns val to -> ntdll.dll!Nt/ZwQueryPerformanceCounter() returns val to -> kernel32.dll!QueryPerformanceCounter() returns val to -> call to QueryPerformanceCounter() (in game engine).

What we really need to do- is hook this function at the lowest possible level in user-mode (namely NtQueryPerformanceCounter() in ntdll.dll); call the original- and then multiply its output value by some (speed) number, before we return it to the game.

Typically- your hooked function should look something like...

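Code:

// pOrigNtQueryPerformanceCounter: pointer to the original function
// (name assumed here, by analogy with pOrigGetTickCount above).
NTSTATUS NewNtQueryPerformanceCounter(
    PLARGE_INTEGER PerformanceCounter,
    PLARGE_INTEGER PerformanceFrequency)
{
    // Call the original first so PerformanceCounter holds the real value.
    NTSTATUS retVal = pOrigNtQueryPerformanceCounter(PerformanceCounter, PerformanceFrequency);

    PerformanceCounter->QuadPart = ((PerformanceCounter->QuadPart) * SpeedMultiple);

    return retVal;
}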


Where SpeedMultiple is obviously- the multiple of speed you define the program/game to run at.

You can also hook Nt/ZwQueryPerformanceCounter() using detours- it is much easier- but this method of interception may be detected.

Source: Subsky, former topic on TKC forum
« Last Edit: August 04, 2011, 01:38:58 am by M. O. »
Watch out where the huskies go, and don't you eat that yellow snow...
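
Added example, not part of the original post or of any anti-cheat's code: a detection-side check for the detour patch the tutorial describes. It compares the bytes at a function's entry point with a trusted copy and, when they now begin with a JMP, resolves where the jump lands. The addresses, module range and reference prologue are constructed sample values, and the trusted copy is assumed to have had relocations applied already.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum hook_verdict { HOOK_NONE, HOOK_PATCHED, HOOK_JMP_INSIDE, HOOK_JMP_OUTSIDE };
struct module_range { uint32_t base; uint32_t size; };  /* DLL owning the function */

static uint32_t read_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* live: the n bytes currently at the function's entry point (32-bit process).
 * ref:  the same n bytes from a trusted copy of the module, assumed to be
 *       relocated already so that a clean function compares equal.
 * On a JMP verdict, *target receives the address the jump lands on. */
enum hook_verdict check_prologue(const uint8_t *live, const uint8_t *ref,
                                 size_t n, uint32_t func_va,
                                 struct module_range mod, uint32_t *target)
{
    uint32_t dest;

    if (memcmp(live, ref, n) == 0)
        return HOOK_NONE;
    if (n >= 5 && live[0] == 0xE9)        /* JMP rel32: next insn + disp */
        dest = func_va + 5 + read_le32(live + 1);
    else if (n >= 2 && live[0] == 0xEB)   /* JMP rel8, sign-extended disp */
        dest = func_va + 2 + (uint32_t)(int32_t)(int8_t)live[1];
    else
        return HOOK_PATCHED;              /* changed, but not a leading JMP */
    if (target)
        *target = dest;
    /* Unsigned subtraction lets one compare cover both range bounds. */
    return (dest - mod.base < mod.size) ? HOOK_JMP_INSIDE : HOOK_JMP_OUTSIDE;
}

/* Constructed sample: entry at 0x7C80932E patched to jump to 0x10001000.
 * ref is mov edi,edi / push ebp / mov ebp,esp. */
int main(void)
{
    const uint8_t ref[5]  = { 0x8B, 0xFF, 0x55, 0x8B, 0xEC };
    const uint8_t live[5] = { 0xE9, 0xCD, 0x7C, 0x7F, 0x93 };
    struct module_range mod = { 0x7C800000u, 0x000F6000u };
    uint32_t dest = 0;
    return check_prologue(live, ref, 5, 0x7C80932Eu, mod, &dest)
               == HOOK_JMP_OUTSIDE ? 0 : 1;
}
```

A jump that lands outside the owning module is the signature of the patch described in the post; a jump that stays inside the module still means the bytes changed and deserves a closer look.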

ZOldDude

Re: Speedhacking - the lost tutorial
« Reply #1 on: January 30, 2007, 02:20:48 am »
He left out the link to Microsoft this time (where he copied the information from).

*While we crash and burn, small, low tech, agrarian societies such as the Hmong in the mountains of Laos will continue on without so much as blinking an eye.*

MonkeyAll3n

  • Guest
Re: Speedhacking - the lost tutorial
« Reply #2 on: January 30, 2007, 06:04:05 am »
[TKC] has stooped yet again lower  :roll:. Stealing other people's privately released work and posting it on your forum word for word with no recognition of the author.

Crossmol, by obtaining that information and posting it here you are:
1. Cooperating with leakers who are involved in private sections in the {HaC} Community. The {HaC} community has this rule:
Quote
12.Infiltration, stealing of copyrighted materials, or cooperation with any person banned.

2. Contradicting your own community's rules,
Quote
4. If you are found leaking information outside of TKC, or assisting someone in doing so, you will be permanently banned.


You should be setting an example by being a mod. If it is ok for you to do this, then is it ok for me to take a private tutorial from this section and post it in another section on another forum?

Z I searched for this site that hold all of this copied information http://www.google.com/search?hl=en&q=microsoft+-+how+to+make+a+speedhack&btnG=Google+Search&meta= unfortunately I found nothing, can you help me find it?

Crossmol you posting this has lost any of the respect I once had for you and Z your comments have lost all of your/your community's credibility.

AppleSinclair
 admin room
« Last Edit: January 30, 2007, 06:18:26 am by [TKC] AppleSinclair »

ZOldDude

Re: Speedhacking - the lost tutorial
« Reply #3 on: January 30, 2007, 12:14:51 pm »
http://tkc-community.net/forum/index.php?topic=5754.0

Apple....go fuck yourself.

I have no idea why the person in charge of this section leaves a spy/snitch in here at all.

You are known to have been spreading info from in here for A LONG time.


BTW this thread is a repost of what was already a public sticky before and IT DID have a direct link to the Microsoft Tech paper....and I see NO REASON for it NOT to be a PUBLIC post AGAIN.

Basically all the STICKYS that subsky removed when he was booted for being an anti-cheat maker were in FACT cut-n-paste from other people.
He NEVER claimed the information was all his own and MANY of the posts had links to the other people whose work he quoted.

Again...GO FUCK YOURSELF.

PS: As for Subsky's statement that ALL the cheats in this section will be blocked by "Detox"...any server running a program that uses any info he gathered from this section will be sorry they use his program....very sorry.

Let's see if either of you are smart enough to know what that means.
« Last Edit: January 30, 2007, 12:39:54 pm by ZOldDude »


ZOldDude

Re: Speedhacking - the lost tutorial
« Reply #4 on: January 30, 2007, 04:35:43 pm »
Quote
then is it ok for me to take a private tutorial from this section and post it in another section on another forum?

You have been doing that for a looooong time already.
The Sysop warning you not to did no good either:

The Sysop said...
Quote
Also, don't send him parts of this topic from now on.

But you (even after I myself warned you) KEEP posting here and other sites information from this section as well as emailing him/others.

Fuck you....you anticheat helping snitch fucker!
SCA knows for a FACT that Subsky crashed the SCA server....I sent them a copy of his PUBLIC post.
They know for a FACT that you are a two-faced *edited*.

Have a nice time trying to play VC anyplace near you....and good luck with PAYING for those NAM servers for all the good it will do you.

If you have anything to say you can PM me or any other admin as your posting privileges are removed.
« Last Edit: January 30, 2007, 04:54:21 pm by ZOldDude »


ZOldDude

Re: Speedhacking - the lost tutorial
« Reply #5 on: January 30, 2007, 04:58:30 pm »
PS:
Quote
PS: As for Subsky's statement that ALL the cheats in this section will be blocked by "Detox"...any server running a program that uses any info he gathered from this section will be sorry they use his program....very sorry.
SCA has been warned by myself.
As for the server(s) you claim to help pay for....fuck you.
If they play your game they get what they deserve dealing with scum like you and him.


MrMedic

Re: Speedhacking - the lost tutorial
« Reply #6 on: January 30, 2007, 06:05:41 pm »
all i have to say is that apple has made himself/herself look like a complete idiot by posting ^ that.

z be a good idea my friend to place an edit time limit onto this board.
EnCoded Message: i3iy9yl8kr2xf3g2Txs3pr6ye3ya7jg5ty2z

https://www.youtube.com/watch?v=62_7-AYfdkQ
you need a paypal account for the private versions.

Website:
http://bit.ly/medic101

Teamspeak 3: 85.236.101.5:10157

ZOldDude

Re: Speedhacking - the lost tutorial
« Reply #7 on: January 30, 2007, 06:48:59 pm »
Apple and Subsky can't post right now...but they can edit profiles and send PM's.
Until staff decides what to do with both accounts  CLEARLY they both can read what goes on in here.

How did your Karma points get so low?

BTW....g-spot asked to be removed from this section in support of Subsky or distaste for TKC....or both.

I think both.
Shit like this is why this section has no information being discussed in it for the past few months as Crossmol has already said.

All the leakers and asswipes need to be purged (yet again) and the new DEV file protection put in place or NOBODY will talk outside of TKC's voice chat.

TKC has a lot more going on in more popular games and those DEV sections never had the problems that VC DEV has had.
« Last Edit: January 30, 2007, 10:03:29 pm by ZOldDude »

MrMedic

Re: Speedhacking - the lost tutorial
« Reply #9 on: January 30, 2007, 10:10:08 pm »
yes we have been discussing it on ts (about the leakers etc) , the main reason why we decided not to post info about things due to this reason.

is there anyway to see who has minus'd my karma z ? i am not too familiar with simplemachine's layout my friend as i host mainly phbb and vision boards.

ZOldDude

Re: Speedhacking - the lost tutorial
« Reply #10 on: January 30, 2007, 10:16:46 pm »
is there anyway to see who has minus'd my karma z ? i am not too familiar with simplemachine's layout my friend as i host mainly phbb and vision boards.

The sysop could see that in the server logs.....but it is a lot of work for so small an issue.

I myself have seen your work and commitment for well over a year on other trusted sites (gee who's the staff on "it"!) so I will personally pay you the respect that you have earned in my view.

Z


M. O.

Re: Speedhacking - the lost tutorial
« Reply #11 on: January 31, 2007, 12:53:02 am »
Lol, this star system is completely corrupt.  :lol:
Anyway, it appears that apple leaked info etc to subsky which equaled subsky having access to this section. He keeps on bragging about his anti cheat. With all those leaks we won't be able to show what the anticheat is worth. ;)
Heckling is an art, and game hacking a science.

Crossmol

Re: Speedhacking - the lost tutorial
« Reply #12 on: January 31, 2007, 03:31:37 am »
[TKC] has stooped yet again lower  :roll:. Stealing other people's privately released work and posting it on your forum word for word with no recognition of the author.

This tut was posted on TKC forum so that means I'm reposting it, not stealing. About the author issue, copy/paste word-document mistake (by me), I'll edit the original post.

2. Contradicting your own community's rules,
Quote
4. If you are found leaking information outside of TKC, or assisting someone in doing so, you will be permanently banned.

I posted it on TKC forum only, so I leaked a tut which was posted on TKC forum and 'leaked' it to TKC forum? Uh........ Never mind...

You should be setting an example by being a mod. If it is ok for you to do this, then is it ok for me to take a private tutorial from this section and post it in another section on another forum?

No, it's not. I think you should read all carefully and then jump to conclusions. A posted topic TKC has been reincarnated which still makes it a TKC issue.

Crossmol you posting this has lost any of the respect I once had for you.
Shame m8. I only reposted old TKC topics that have been deleted.

And as usual the topic is getting out of hand due to provoking and that's why I'm going to lock it. And yes: you can quote me on this one on your other forum.
