Table of Contents for
Gaming Hacks

Version ebook / Retour

Cover image for bash Cookbook, 2nd Edition Gaming Hacks by Simon Carless Published by O'Reilly Media, Inc., 2004
  1. Cover
  2. Gaming Hacks
  3. Credits
  4. Contributors
  5. Acknowledgments
  6. Foreword
  7. Preface
  8. How to Use This Book
  9. How This Book Is Organized
  10. Conventions Used in This Book
  11. Using Code Examples
  12. Comments and Questions
  13. Got a Hack?
  14. 1. Playing Classic Games
  15. Legal Emulation
  16. Play Commodore 64 Games Without the C-64
  17. Play Atari ROMs Without the Atari
  18. Use Atari Paddles with Your PC
  19. Run Homebrew Games on the Atari 2600
  20. Create Your Own Atari 2600 Homebrew Games
  21. Play Classic PC Graphic Adventures
  22. Play Old Games Through DOSBox
  23. Play Reissued All-in-One Joystick Games
  24. Play Arcade Games Without the Arcade
  25. Add and Manipulate a MAME Frontend
  26. Keep Your ROMs Tidy and Organized
  27. Learn Game-Specific MAME Controls
  28. Filter Inappropriate MAME ROMs
  29. Autoboot into MAME Heaven
  30. Play Emulated Arcade Games Online
  31. Play Classic Pinball Without the Table
  32. Emulate the SNES on the Dreamcast
  33. 2. Playing Portably
  34. Play Games on Your iPod
  35. Mod Your Game Boy
  36. Take and Print Photos with Your Game Boy
  37. Compose Music on Your Game Boy
  38. Explore the GP32 Handheld Gaming System
  39. Take Your Console with You
  40. Explore the Bandai WonderSwan
  41. Play Real Games on Your PDA
  42. Install a PlayStation 2 in Your Car
  43. 3. Playing Well with Others
  44. Practice Proper MMORPG Etiquette
  45. Understand MMORPG Lingo
  46. Grind Without Going Crazy
  47. Make a Profit in Vana’diel
  48. Write MMORPG Macros
  49. Build an Effective Group
  50. Catch Half-Life FPS Cheaters Redhanded
  51. 4. Playing with Hardware
  52. Build a Quiet, Killer Gaming Rig
  53. Find and Configure the Best FPS Peripherals
  54. Adapt Old Video Game Controllers to the PC
  55. Choose the Right Audio/Video Receiver
  56. Place Your Speakers Properly
  57. Connect Your Console to Your Home Theater
  58. Tune Console Video Output
  59. Tune Your TV for Console Video
  60. PC Audio Hacking
  61. Optimize PC Video Performance
  62. Build a Dedicated Multimedia PC
  63. Use a Multimedia Projector for Gaming
  64. 5. Playing with Console and Arcade Hardware
  65. Play LAN-Only Console Games Online
  66. Hack the Nuon DVD Player/Gaming System
  67. Play Import Games on American Consoles
  68. Find a Hackable Dreamcast
  69. Play Movies and Music on Your Dreamcast
  70. Hack the Dreamcast Visual Memory Unit
  71. Unblur Your Dreamcast Video
  72. Use Your Dreamcast Online
  73. Host Dreamcast Games Online
  74. Burn Dreamcast-Compatible Discs on Your PC
  75. Burn Dreamcast Homebrew Discs
  76. Buy Your Own Arcade Hardware
  77. Configure Your Arcade Controls, Connectors, and Cartridges
  78. Reorient and Align Your Arcade Monitor
  79. Buy Cart-Based JAMMA Boards
  80. Programming Music for the Nintendo Entertainment System
  81. 6. Playing Around the Game Engine
  82. Explore Machinima
  83. Choose a Machinima Engine
  84. Film Your First Machinima Movie
  85. Improve Your Camera Control
  86. Record Game Footage to Video
  87. Speedrun Your Way Through Metroid Prime
  88. Sequence-Break Quake
  89. Run Classic Game ROM Translations
  90. Change Games with ROM Hacks
  91. Apply ROM Hacks and Patches
  92. Create PS2 Cheat Codes
  93. Hack Xbox Game Saves
  94. Cheat on Other Consoles
  95. Modify PC Game Saves and Settings
  96. Buff Your Saved Characters
  97. Create Console Game Levels
  98. 7. Playing Your Own Games
  99. Adventure Game Studio Editing Tips
  100. Create and Play Pinball Tables
  101. Put Your Face in DOOM
  102. Create a Vehicle Model for Unreal Tournament 2004
  103. Add a Vehicle to Unreal Tournament 2004
  104. Modify the Behavior of a UT2004 Model
  105. Download, Compile, and Create an Inform Adventure
  106. Decorate Your IF Rooms
  107. Add Puzzles to Your IF Games
  108. Add Nonplayer Characters to IF Adventures
  109. Make Your IF NPCs Move
  110. Make Your IF NPCs Talk
  111. Create Your Own Animations
  112. Add Interactivity to Your Animations
  113. Write a Game in an Afternoon
  114. 8. Playing Everything Else
  115. Tweak Your Tactics for FPS Glory
  116. Beat Any Shoot-Em-Up
  117. Drive a Physics-Crazed Motorcycle
  118. Play Japanese Games Without Speaking Japanese
  119. Back Up, Modify, and Restore PlayStation Saved Games
  120. Access Your Console’s Memory Card Offline
  121. Overclock Your Console
  122. Index
  123. Colophon

Buff Your Saved Characters

Hex editing your saved games can relieve tedious single-player leveling.

What if you knew you had a bunch of information about your character saved in a PC saved-game file, but you weren’t happy with it? Suppose your character has $10, but you want him to have $20. Following the general path of the saved-game hacking ideas on GameHacking.com (e.g., http://www.gamehacking.com/view.php?link=../tutorials/savehacktut.php), you can solve this little problem, too.

For this example, we’ll use HexEdit 2.1 (http://www.gamehacking.com/download.php?type=tools&file=hexeditors/hedit21.zip), a relatively old, but still serviceable hex editor.

Tip

You’ll need a passing familiarity with hexadecimal notation, which is where the name hex editor comes from. You’ll have to enter the value to search in hex. In this example, 10 in decimal is 0A in hexadecimal. The number 20 in decimal is 14 in hex. With a little practice, it’ll make sense to you.

To start, you need to know the current value of the item you hope to change. If you’re lucky, it’ll be unique and easier to find within the saved game. Once you’ve found it, simply replace the correct 0A with 14 and reload the game to see what happened. Keep multiple copies of the save file in case you messed up, of course. There’s more trial and error in this approach, but the game saves often follow very similar formats. Don’t be confused if you see 10 in the right column. This shows ASCII equivalents of hex values. Any text here is itself made up of individual number values. This is the absolute basic saved-game hacking, using trial and error with known values. It works well, though it pales in comparison with more sophisticated disassembly methods. On to glory!

Code Disassembly for PC Game Hacking

What if you could edit not only the values of a program, but also the routines that produce those values? Sounds complex, but this technique can yield the most fruit. Instead of resetting the timer continually, what if you disabled it altogether? That’s the type of goal code disassembly can reach.

What Is Disassembly?

Contrary to what game publishers and the general public might like to think, game binaries aren’t closed boxes you can never open. They’re just big bundles of cryptic but well-known instructions for your computer to execute.

A disassembler takes those instructions and translates them into something a little more human-friendly. The result isn’t as clear as the program’s source code would be, resembling Finnegan’s Wake on the overall comprehensibility scale more than a Dick and Jane primer, but with intuition, time, and practice, it’s possible to figure out the important pieces.

There are ways to make disassembly more difficult, but as long as people control their own general-purpose hardware, publishers will never prevent hackers from doing cool things.

You’ll need a specific type of tool. The free PEBrowse for Windows (available via http://www.smidgeonsoft.com/) comes highly recommended, as does OllyDbg (http://home.t-online.de/home/Ollydbg/). There are plenty of other disassemblers. The commercial SoftIce disassembler also has its fans.

Though the specifics differ from game to game, the technique is simple:

  1. Find the value you want to change. Load the game into memory, then use a memory finder to find the value you want to change permanently ( [Hack #76] ).

  2. Set a breakpoint on that memory address. Now that you have a memory address to watch, load the disassembler, and attach it to the executable. Set a breakpoint on the access of the memory address. The debugger will halt the execution of the program when something tries to read from or write to that memory address, showing you the exact assembly language commands.

  3. Replace the offending instruction. Suppose you want to stop a timer from counting down. In this case, you’ll likely see a DEC ??? command somewhere close to the breakpoint, decrementing the value of the appropriate memory location. Try changing the DEC ??? command to a null operation, NOP.

  4. Test your changes. Remove the breakpoint, and restart the game. If you removed the right command, you should see no countdown. If not, try again. It’s really as easy as that!

Obviously, this is a simple step in a complex land. There are few limits to what you can do, given time, intuition, and a grasp of assembly language.

Packet Editors and Hacking

Modifying network games is a little trickier because you control only the part of the game running on your machine. That’s still control enough, though. Packet editors allow you to intercept incoming packets from a server (whether it be FPS, RTS, MMORPG, or whatever) and alter what you send back. The GameHacking page on packet editors (http://www.gamehacking.com/sites/tools.php?sort=Packeteditors) has a few choice downloads, but there’s very little public information about packet hacking online.

Serious companies, such as Blizzard, encrypt their packets. This makes packet hacking more difficult, though not impossible. As well, packet hacking can’t give you an infinite amount of energy or kill all the other players unless the server allows those operations. You’ll have to find some way to exploit the rules. Your grand dreams of loot and equipment in a MMO are probably unrealistic.

Also, there’s a big difference between cheating in a single-player game and cheating in a multiplayer game ( [Hack #34] ). It’s one thing to change the rules of the game for yourself, but it’s rude to change them for other people without their permission.

Hacking Legacy Of Kain: Soul Reaver

Specific game hacks are usually best when done by die-hard fans who know a little bit about the included and removed features and items. While poking around in memory, it’s easier for well-informed hackers to pick up on subtle hints in variables and names.

A good example is The Lost Worlds site (http://www.thelostworlds.net/), which hosts an amazingly canonical catalog of all of the hidden, missing, and otherwise unknown parts of Crystal Dynamics’s popular Legacy Of Kain series. In particular, one page deals with hacking the PC version of Legacy Of Kain: Soul Reaver with WinHack (http://www.thelostworlds.net/SR1-Hack.HTML). Because the author knows the context, he’s excellent at finding the exact nooks and crannies needed to hit to modify the game.

As it turns out, the command-line parameters for the game—originally used for debugging—are still embedded in the executable. You can’t change them from a shortcut, as the developers probably could during programming, between they’ve removed that feature. You can change them in memory, however. If you load the game up to the first window, where you select the video resolution, you can then load WinHack, select KAIN2.ICD or KAIN2.EXE, and go to the hex-style memory editor. Click the Go To Address button, and enter $ 00C651E0. This turns out to be the memory location containing those command-line parameters, described on another page (http://www.thelostworlds.net/SR1-Memory.HTML) of The Lost Worlds site. Most of these are disabled, but you can use them to change the start location of Kain in the world, as well as a few other mainly broken options.

The game’s default parameters are currently set to:

 under 1 -mainmenu -voice -inspectral

but you can click on this text and add your own options. Your best option is to change under 1 to another location in the game. Don’t forget to type in the rest of the existing options and then fill in the remainder of that location with zeros in the hex column.

Use The Lost Worlds’s gigantic rooms list (http://www.thelostworlds.net/SR1_Area_List.HTML) to place your character anywhere you want in the game, even locations that you can’t normally reach from inside the game. The Lost Worlds walkthrough suggests using skinnr 18, which is a secret passage (http://www.thelostworlds.net/SR1-Secret.HTML) that’s inaccessible from the normal game. Very neat indeed.

It’s also possible to modify specific variables that are resident in memory after you load Soul Reaver, adding extra hidden powers and increasing your health by various means. Although you’d normally have to search to find the appropriate memory locations, the creator of The Lost Worlds site has done it for you. Download his WinHack-specific tag-list file (http://www.thelostworlds.net/Misc/SR1-Hack.zip) and import it from the Tag List/Load A New Tag List option.

This makes hacking the game as easy as clicking on each named option and changing values to increase your number of health bars and your total health. You can also award yourself all abilities in the game by putting 255 in the Abilities Acquired tag[15] cut from the game, which allows you to change between the normal and spectral planes at any time. There’s also a Player Z-Position value that controls the vertical height of Raziel, the main character, so you can place him on roofs you couldn’t normally reach. Be careful not to throw him too far out of the map, though!


[15] Don’t forget to hit Poke This Tag to activate it! You’ll have everything, including the Shift At Will ability (http://www.thelostworlds.net/SR1-SaW.HTML).