Metro 2033

While I was letting the L4 Eve Online bot do its business, I was playing a nice game of Metro 2033. I have to say it's a very nice storyline and the atmosphere in the game is great.

But damn I hated running out of ammo!

So for you guys out there that hate that too, change the function at 0x74C7C3 into nops and you won't run out of ammo anymore :D

Perhaps this weekend I'll make a proper trainer, although chances are I'll be too busy playing with the L4 Eve Online bot :)

Posted by: Da_Teach on Thursday, August 12, 2010  •  Comments (0)  •  Full story  •  Metro 2033 Hack Cheat Engine

EVE Online : L4 Mission Bot - Part #4

Well, after a week's worth of work there is now partial support for pickup missions. The MissionController doesn't actually wait for loot (yet), nor will it check every can / wreck (yet), but it does pick up loot. But I got a bit annoyed by the performance issues with ISXEVE, so I decided to "motivate" the people behind ISXEVE a bit, perhaps more on that in a week (for now the motivator stays private).

I also squashed a couple of bugs here and there (like panic mode only working once).

This week it's all about finishing support for pickup missions and starting work on drone support.

Somewhere in between I will also look into using the right ammo for the mission (if the faction of the mission is known through either XML or mission information). Should not be 'that' hard.

Posted by: Da_Teach on Saturday, August 07, 2010  •  Comments (3)  •  Full story  •  C# ISXEVE Inner Space Questor Bot

EVE Online : L4 Mission Bot - Part #3

Sunday was very productive, I've finished a lot of work on the Mission Controller. The Mission Controller is responsible for the actions within a mission, with that finished the bot becomes very close to a workable release. Currently it supports a range of actions, but an important action is not finished yet (picking up items in space). I'll work on that in the coming days.

I also added a Panic mode after I nearly lost my ship due to it running out of cap, being scrambled and having no shield. Let's just say that's not what you want in an (overpriced) mission running ship ;) The panic mode keeps track of your cap (it does assume that you can actually tank everything, perhaps I should change that) and makes all warp-scramblers a priority target (e.g. they get killed before anything else).

Other than that I also fixed a number of bugs, although I still haven't found one that causes a popup screen every so often (although I did manage to lower its occurrence).

With the above done, the state of the current bot means that it can run a 'normal' kill-everything mission without interference from a person. Anything else requires manual interaction (picking up items, destroying certain structures, etc).

So the TODO list looks a bit like this at the moment (ordered by 'priority'): 

  • Fix bugs ;)
  • Add support for pickup missions
  • Add looting for wrecks (keeping in mind the amount of space needed for the pickup mission)
  • Add auto-learning for mission damage types (e.g. if you do "Gone Berserk" then it should take different ammo types the first time, but the second time it should only take the 'correct' ammo for the mission).
  • Allow custom mission actions when needed, the idea is that the bot is able to do most of the missions without user defined actions though.
  • I might add support for courier missions, since they can be profitable in some of the mission arcs.
  • Anything else I can think of :)
More later this (or early next) week.

Posted by: Da_Teach on Monday, July 26, 2010  •  Comments (1)  •  Full story  •  C# ISXEVE Inner Space Questor Bot

EVE Online : L4 Mission Bot - Part #2

I made a lot of progress since the last post that I made, I've added the following features:

  • Interact with an agent and accept all non-courier missions (e.g. it will decline courier missions!)
  • Load ammo for a mission (current version loads all ammo types)
  • Travel to a mission
  • Travel back to the agent
  • Complete the mission with the agent
  • Unload all loot into the hangar

Slowly getting a real mission bot, but I still have some work ahead of me.

The biggest part is running the mission itself. Seeing as it currently warps into the mission area and just sits there. So I need to write a class which will perform the mission objectives. I've got some ideas (mostly stolen from EVEBot's missioner), hopefully I will complete that today or tomorrow.

Also the arming class now loads all ammo types regardless of mission requirements. It's a waste of space, so that needs to change too. I only want to take ammo that's required for the mission. This class should eventually also re-fit the ship based on mission type, however that's very low on my todo-list due to the fact that I overtank L4's by a mile.

After those two major changes, I need to fine tune some things, like not accepting low-sec missions. The purpose of this bot is low-risk, and low-sec is not low-risk.

Once this is all done, I might look into courier missions for a complete mission package (some mission arcs start out as combat missions and turn into courier missions).

Posted by: Da_Teach on Saturday, July 24, 2010  •  Comments (0)  •  Full story  •  C# ISXEVE Inner Space Questor Bot

EVE Online : L4 Mission Bot - Part #1

I used to play EVE Online a few years ago, but I got bored with it and quit. Gave all my chars and ISK away. However with my friend not playing Warhammer Online a lot anymore, I needed a new MMO fix. So I started with EVE Online again, spent some euros on some ISK, bought two chars, a PvP char and a Mission char.

But as we all know, running missions (or making isk in the game) is boring as hell ;) So I turned to an old friend of mine called ISXEVE which uses Inner Space. With ISXEVE you can automate nearly everything in the game, I used it in the past. But 'back in the days' the .NET wrapper was unstable. So you had to code all the stuff in LavishScript (the scripting language of Inner Space), which is horrid (at least that's my experience).

But things have changed, ISXEVE's .NET wrapper became stable (but ISXEVE a bit slower, although they're working on that). So I decided to start writing a mission bot for EVE (using ISXEVE + Inner Space). I also thought it would be nice to blog about my progress, it's not my usual stuff (e.g. trainers) but a bot is hacking too ;)

Last week I spent some time writing the combat and salvage modules for the bot. But with ISXEVE's performance issues, it was completely unusable. I decided to rewrite most of the code thus far and add a serious caching manager, and performance is almost great. Currently the bot is far from complete and it's very specifically tailored to my needs.

Current 'features' are:

  • Activate shield hardeners
  • Activate shield booster at <65% shields and deactivate it once >95%
  • Targets 4 'high value targets' and 2 'low value targets'
  • Targets 2 wrecks
  • Uses a tractor beam on the wrecks (I have 2 fitted, so it'll tractor both wrecks) (40km range)
  • Uses salvager when wreck < 5km
  • Uses torpedoes to kill high value targets first and then low value targets

It's far from usable at the moment and it currently doesn't really have any config files, so you have to recompile to change certain things (like max missile range, number of locked targets, etc).

I will keep you guys posted at the progress that I make with the bot. You can download the current version (with source code) here. Whenever I feel like something major has been updated / added, I will update that zip file. And if you didn't guess yet, you do need ISXEVE and Inner Space for this bot to work!

Posted by: Da_Teach on Friday, July 23, 2010  •  Comments (0)  •  Full story  •  C# ISXEVE Inner Space Questor Bot

Alien Breed: Impact

I recently bought Alien Breed: Impact from Steam, an Arcade Shooter (as they call it themselves) that gave me back 'old' feelings (they don't make that many games like it anymore). Anyways, I played it for a while but the controls of the game are horrid. I ended up getting annoyed by the controls. So the logical next step is to hack it ;) By the way, if the controls were better, it would be a lot more fun to play.

However, Alien Breed uses the Unreal 3 Engine. Several other games use it too, like Mass Effect 2, which made me 'worry' a bit. The Unreal 3 Engine takes OO-programming to another level. As soon as I found some values (ammo/health) my suspicions were confirmed. Just like Mass Effect 2, Alien Breed uses 1 function to subtract nearly every value in the game.

Initially I wanted to give up, not that hacking it is impossible. It is just a lot of work and is it really worth it? I decided not to give up. And my decision will probably make me look into Mass Effect 2 again.

After putting a (memory-write) break-point on the ammo value, I saw that the instruction at 0x4BE228 is responsible for subtracting health, ammo, enemies health, cash, etc. Replacing the "sub [ebx], eax" instruction with nothing (nops) worked. Ammo was frozen and I couldn't die. But it also made creatures, windows, etc invincible.

The next step in the chain was to trace (using Syser) the function's return address (which was 0x4C5331), that was a dead-end too. All values used this same function. Instead of digging deeper, I decided to try and find something in the call-arguments of the subtract function (0x4BE180) that allowed me to identify the values it was subtracting from.

To do this I had to figure out a bit on how the subtract function worked. This wasn't easy, mainly because the function accepts a wide array of values it has to subtract from. Through tracing I found out that the first call within the function (call edx at 0x4BE1B5) retrieves the pointer to the value it is going to subtract from.

Looking at the first call that it does, we find out it bases this call on the value that is present at the first argument + 0x18 (it loads the first argument in esi @ 0x4BE183 and then loads the pointer from [esi+0x18] into eax). It loads a byte from the pointer that it gets, and then uses that to call the function for the address to the value. For ammo, health, cash, that value is 1. The function that it calls when the value is 1 is 0x4BB610.

Inspecting this function gets us to the following conclusion: [[[first argument + 0x18] + 0] + 0x64] contains the offset of the value compared to the class that is calling the subtract function. While checking out the memory address that [[first argument + 0x18] + 0] points to, I saw that [[[first argument + 0x18] + 0] + 4] points to a value identifier. For ammo this identifier is 32810 and for health it's 5685.

With this info we can determine when to subtract the value, and when to keep the value the same. The problem however was that the function overwrites several things before it finally gets to the actual subtract instruction (at 0x4BE228). So the decision to subtract or not would have to be made at the start of the function. (Perhaps it's possible to get the original esi value back, but I gave up looking for it.)

This brought me back to the function that calls our subtract function, which was the 0x4C5331 function (or well, that's the return address). In this function we see that it gets the subtract function from a look up array (see 0x4C5322), using Cheat Engine we find that the subtract function-address is stored in 0x11C9438. I decided to make a detour function and write its address into 0x11C9438.

With the detour function in place, my first try was to not-execute the subtract function if it concerned ammo/health/etc. This quickly led to a crash. Apparently the subtract function does more than subtract. My next try was to get the pointer to the value, and increase it with the value being subtracted (as such, subtract would then have no effect). This quickly led to an issue, the value it subtracts from the main value (ok too many values in one sentence) is also stored in an object.

It was getting late, and I was getting bored real quick with these objects in objects. So I decided to actually change the code depending on the main value. If the value is ammo/etc, I change the subtract instruction at 0x4BE228 to nop, if the value is something else, I change the subtract instruction at 0x4BE228 back to its normal value.

This worked! So while probably not the most elegant method to success, it definitely works. I had to put in one additional check for Health. Because the Health identifier was the same for everyone (e.g. also enemies), I had to check if the health was player-health or enemy-health, I did this by checking the v-table of the calling-class (for the player its 0xF4FE60).

The end result is this +4 trainer.

Posted by: Da_Teach on Saturday, July 03, 2010  •  Comments (0)  •  Full story  •  C# Code Injection Pointers Syser Codecave Trainer Alien Breed: Impact

Defense Grid - Updated (again :)

It's been a few months since I was able to update the site. I've been so busy with work that I haven't had any free time that I was willing to spend on hacking ;)

However, I noticed Defense Grid got updated. They added a few DLC packs. So here's a new version. I only updated the offsets, and I only tested it after I downloaded one DLC. Perhaps the executable changes every DLC, but I doubt it.

With the Steam bargains I have bought a few 'new' games which I will probably hack just because it's possible ;)

I will probably also add either an additional blog to the site, or just add it on this blog with other tags, where I will post a bit more on problems that I play with at the work place. I run into "fun" issues every so often, which could be fun to share :)

Posted by: Da_Teach on Friday, June 25, 2010  •  Comments (1)  •  Full story  •  C# Trainer Defense Grid

Warhammer Online Influence hack updated

Well I updated the Influence Hack for Warhammer Online, in theory this hack should continue to work after (minor?) updates. It searches through memory for the influence hack location using a pattern created by IDA.

The pattern matching isn't that exciting, just search for an array of bytes and if the match is found then that's the address that I want. It's reasonably fast (it finds the address in 1.3.4.529 within 1 second on my PC).
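The byte-array search described above, sketched in C as an added example (it is not the author's C# code). It goes one step beyond the post by allowing wildcard bytes, so an operand that changes between builds can be masked out, and by rejecting a pattern that matches more than once. All names and byte values are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ANY           (-1)             /* pattern entry that matches any byte */
#define SIG_NOT_FOUND ((ptrdiff_t)-1)
#define SIG_AMBIGUOUS ((ptrdiff_t)-2)  /* pattern matched in more than one place */

/* Offset of the single match of pat in buf, or one of the error codes above. */
ptrdiff_t sig_find_unique(const uint8_t *buf, size_t buf_len,
                          const int *pat, size_t pat_len)
{
    ptrdiff_t hit = SIG_NOT_FOUND;
    if (pat_len == 0 || pat_len > buf_len)
        return SIG_NOT_FOUND;
    for (size_t i = 0; i + pat_len <= buf_len; i++) {
        size_t j = 0;
        while (j < pat_len && (pat[j] == ANY || buf[i + j] == (uint8_t)pat[j]))
            j++;
        if (j != pat_len) continue;    /* mismatch at this offset */
        if (hit != SIG_NOT_FOUND)
            return SIG_AMBIGUOUS;      /* a second hit: refuse to guess */
        hit = (ptrdiff_t)i;
    }
    return hit;
}

/* Constructed sample data: the same x86 sequence in two "builds". The absolute
 * address operand after A3 and the position of the sequence both differ. */
const uint8_t BUILD_A[] = { 0x55, 0x8B, 0xEC, 0x8B, 0x45, 0x08,
                            0xA3, 0x10, 0x20, 0x40, 0x00, 0x5D, 0xC3 };
const uint8_t BUILD_B[] = { 0x90, 0x90, 0x55, 0x8B, 0xEC, 0x8B, 0x45, 0x08,
                            0xA3, 0x58, 0x31, 0x41, 0x00, 0x5D, 0xC3 };
/* Exact bytes copied from build A, then the same pattern with the operand masked. */
const int SIG_EXACT[]  = { 0x8B, 0x45, 0x08, 0xA3, 0x10, 0x20, 0x40, 0x00, 0x5D, 0xC3 };
const int SIG_MASKED[] = { 0x8B, 0x45, 0x08, 0xA3, ANY, ANY, ANY, ANY, 0x5D, 0xC3 };
const int SIG_SHORT[]  = { 0x8B, ANY };  /* too short to be unique */

#define COUNT(a) (sizeof(a) / sizeof((a)[0]))
#define SCAN(buf, sig) sig_find_unique(buf, sizeof(buf), sig, COUNT(sig))

int main(void)
{
    printf("exact  in B: %td\n", SCAN(BUILD_B, SIG_EXACT));
    printf("masked in A: %td\n", SCAN(BUILD_A, SIG_MASKED));
    printf("masked in B: %td\n", SCAN(BUILD_B, SIG_MASKED));
    printf("short  in A: %td\n", SCAN(BUILD_A, SIG_SHORT));
    return 0;
}
```

The exact signature only matches the build it was copied from, while the masked one finds the sequence in both builds at different offsets.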

Anyhow, you can download it here. Enjoy!

Edit:
According to this post Mythic is apparently detecting influence hacks (finally):
http://www.mmoelites.com/topic/633-a-warning-to-all/

So be careful with using this hack.

Posted by: Da_Teach on Saturday, May 01, 2010  •  Comments (1)  •  Full story  •  C# Hack Warhammer Online Pattern Matching

Zombie Driver

I didn't feel like hacking anything for a while, but here's a small trainer I wrote for Zombie Driver. It's not exactly "state of the art", mostly because it was really easy to hack. Unlike some Steam games, Zombie Driver didn't bother with any anti-cheat code or any tricks to make it harder. In some ways it's refreshing.

Anyhow, you can download the +8 trainer here.

Posted by: Da_Teach on Saturday, May 01, 2010  •  Comments (0)  •  Full story

Torchlight Update

It seems Torchlight got updated on Steam this week, this meant the trainer was no longer working. I have fixed it and the trainer works again.

You can download it here.

Edit: It's really updated now! It seems the upload failed and the old version didn't get overwritten.

Posted by: Da_Teach on Thursday, April 01, 2010  •  Comments (6)  •  Full story  •  Torchlight Trainer
