Boosting our experience to reach MAX lvl

In the last post, we saw how to properly hook and use AngelScript from HPL Engine to manipulate a game. If you haven’t read it yet, I really recommend you to do it; it was an interesting case, and there isn’t much information about hooking AngelScript on the Internet. This time we go for more: we are going to see how to hook Lua inside a well-known game (Vermintide 2) to do practically anything we want, boost our experience, spawn items in your inventory or on the floor, heal yourself, send chat messages, kill everything? Why not?

TL;DR

After an introduction to Lua, we are going to analyze how we can hook Lua inside any game, and then we are going to explain each step to write your own LuaHook. In the end, we will be executing our own Lua code inside the game context without any limitation.

Lua

As we have seen with AngelScript, when Lua is used in games its main goal is to add client-side features to the game. It is an extremely powerful, flexible and easy-to-integrate scripting language, which allows game developers to add functionality to the game client much more readily. Lua is distributed in packages and can be built on almost every platform that has a standard C compiler; it runs on multiple operating systems such as Windows, Unix, Android, iOS, etc. I leave you here an interesting post about Lua and games.

It is highly likely that you will find something called LuaJIT inside games: this is an independent implementation of Lua using a just-in-time compiler, which runs even faster than the normal Lua. This is actually what we are going to see today, a variation of Lua which is being used by Vermintide 2 to add content and features to the game.

This is the example I will be using for this tutorial. This function (from 0x101968 on, listed below) is what we will be working with; everything else does not matter. Why? Because when hacking sub_x, you hardly ever pay attention to, or modify, instructions with SP (the stack pointer) in them. You are usually always hacking MOVs, STRs, LDRs, ADDs, SUBs, and sometimes CMPs and branches (BEQ, BL, etc.). But what is this function saying? This is the first step of figuring out how to make your sub_x hack work. Here is the function in plain English, with the dashes:

0x10196C: Store the value of R1 into R11+var_s0
0x101970: Load R6+0x24 into R0 -/-/-/-/-/-
0x101978: Add R0 and R1 together and store the value in R0
0x10197C: Store the value of R0 in R6+0x24 -/-/-/-/-/-

Now we have figured out what the function is saying in English. In this case, R0 holds the value of our coins. To make our coins infinite, we only need to modify the instructions with R0 in them because, again, R0 holds the value of our coins. I'm sure that you know that R7 holds the value 668 - 803 million (I'm pretty sure; I know that it is a huge number). To make it infinite, all we have to do is change the STR (store) instruction, because we first want to store R7, or 803 million, in R6+0x24, and the LDR (load) instruction, because we now want it to load R7, or 803 million, into R0 instead of the regular value of coins. And here is the same function, but in assembly instructions, with what we can change to what to make coins infinite:

0x101970: LDR R0, // we can change this to LDR R0, so it loads 803 million into R0 instead of the regular amount of coins.
0x10197C: STR R0, // we can change this to STR R7, so it stores 803 million into R6+0x24 instead of our regular coins value.

Those two instructions now have dashes and slashes because I don't think you can bold text that already has the code tag.