Memory Hacking SoftwareOver a year’s production put into it, it is closer to complete than when I started it.
This should satisfy all hacking needs, but there are plenty of features in store for the future, including a possibly faster searching routine.
This software was sent to Irrational Games for hacking Tribes:Vengeanceâ„¢ and to id Software for their programmers to hack Doomâ„¢ 3.
According to id Software, they were able to hack “hidden†data with it that was not supposed to be able to be located.
I used it to make my universal auto-aim and to hack all games I hack.
When I needed a new feature, I simply added it.
It helps that way.
As for the features, since they are not listed very well on my site, and the ReadThis.txt is very outdated, I will explain them here.
After a New Search you can perform a “Changed By†subsearch. This allows you to do an “Unknown†search and then calculate how the value (in the game) has changed and then tell the program to search for values changed by that amount.
It also has a very useful feature in the subsearch: Same as Original.
I plan to add more to this later, but for now it is the only search engine with this feature and is very helpful for unknown values.
If your E-Bar is at 100% but you do not know the actual number they used to store “full energyâ€, you can do an Unknown, then take damage, do a “Less Than†search, refill your energy, and then search for “Same as Originalâ€.
After you have added a value to the main address list, you can see all memory data regarding the address.
Click the address and hit “
I†(this is a hidden feature so pay attention).
You can then tell which addresses are static or if they move, etc.
Pointer searches make finding pointers a breeze. Why would you need to find pointers? What if the data you want moves every time your character respawns?
You need the pointer to the data of the character to keep track of where the character is in memory.
In the future, a feature to lock stored addresses to pointers will be added so that when a pointer moves the location of the memory you want to study/lock, the memory hacker will automatically move to the new location with the addresses in your main list still in tact.
Group searches?
Another first-and-only. Let’s say you have a group of mostly unknown data. It has maybe 30 bytes total (an unlikely example) and you know that some of the bytes are FF, 00, A0, 30, 20, and 4D (maybe you have a texture file or a bitmap, etc.). Well you can figure out the rest.
String searches. Common but never before with these features.
Many games store text at an offset, for example, Final Fantasy® VII storing them 32 bytes from their ASCII representatives.
So, “Albert†would become “!LBERTâ€, and instantly all other string-searching tools are rendered useless, unless you already know the offset value of 32, thereby allowing you to search for “!LBERTâ€.
My program allows you to search for all (or any number of) offsets, in the likely event you do not know if the strings are stored at an offset.
In case your “string†has a 0 character, you can use the converter tool to easily type the string into a hex line, adding 00 as you wish, and adding more characters after that. You can search for multiple strings this way, or strings that are not actually text, and therefor could contain a 0 (be sure “String as Hex†is checked).
The RAM Watcher allows you to view RAM in real time.
You can access it directly, but also after a search.
When you have opened the results list, showing all the values the search has found, you can right-click an address from that list to open the RAM Watcher to that location and view it in real-time before adding it to the main list, in case you have two values that are very similar and you do not know which one you should add.
The exporter should help a lot with any data files you would like to export.
It explains itself.
After you have done a search and there are a some “found addressesâ€, you can load the list view to see those addresses (same place where you right-click to launch the RAM Watcher).
There is a Zero All button. Generally this is risky but you can use it to see if you are on the right track in your searching.
One example was in Perfect Dark™. By walking on land and checking Joanna’s Z position, I can tell that the floor as it 480 units. By searching for all floats at this height, I get two main sections of data which could match the map data.
Using Zero All, Joanna falls through the floor and the map becomes graphically tangled (though the floor itself is drawn correctly because the polygons and textures are stored in graphics RAM).
Now I know for sure one, or both of those sections reveal information about the map where I was playing.
Simpley restarting the map loads it correctly and I can export those two data sets seperately and also research each section more to figure out how they relate to the map.
One section is the collision data for that area and the other is a viewfield. Modifying the vewfield makes random parts of the map visible depending on your position and of course modifying the collision data makes you fall to the position of the new floor.
There should be enough options for all, and I am open to suggestions for future releases.
Irrational Games asked me not to release this as it is quite powerful and could aid in the making of an auto-aim for Tribes:Vengeanceâ„¢, but since they asked me how to make their game secure, then DID NOT IMPLIMENT WHAT I TOLD THEM TO DO, and probably will not even put my name in the credits, I no longer really care.
id Software has given me permission because they implimented the changes I told them to do, and thus this tool is not capable of helping in the making of an auto-aim for Doomâ„¢ 3.
For the future, I certainly plan to make a graphical display of the RAM, showing each chunk and its location.
Clicking a chunk would then show more information about the chunk, including pointers and their targets.
Also an ASM viewer.
Also for general search features, such as a “Range†subset of the “Changed By†subsearch.
Then you can search for values that have “Changed By†any number between so-and-so, rather than the exact number you specify.
Try it out and tell me what you think.
I am eager for input on this project.
If needed, I can make another post later about how to use the pointer features as they are the trickiest and most specialized features.
