11-22-16
Tons of cool stuff!
Hacking things is lovely. I've found it easiest to scroll through process memory and look at objdumps of binaries while looking for key data structures and variables that are important to exploit. For example, if I see a variable that consistently changes every time I'm shot in a game, I'll either freeze it or set it to some ridiculously high number (still less than UNSIGNED_INT_MAX for safety). Another good strategy while looking at process memory is browsing for clues in the static text section: you can get a really good feel for how the data is going to be allocated and what types of variables (literally: 16-bit ints, 32-bit ints, chars, etc.) to look for and exploit.
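The "find the variable that changes every time I'm shot" search above is really a narrowing scan over memory snapshots. The added example below (my own illustration, not code from this post) runs that scan over a constructed 32-byte region with a hypothetical layout; the field names, offsets and snapshot values are all made up for the demo. It also shows why "changed" alone is not enough: a frame counter changes every time too, and only the "decreased" filter isolates the health-like field.

```python
import struct

# Widths the post mentions: chars, 16-bit ints, 32-bit ints (little-endian, unsigned).
FORMATS = {1: "<B", 2: "<H", 4: "<I"}


def make_region(health, ammo, frame):
    """Constructed 32-byte 'process memory' region (hypothetical layout, not a real game):
    health u32 @0, ammo u16 @4, frame counter u32 @8, a constant name string @12."""
    buf = bytearray(32)
    struct.pack_into("<I", buf, 0, health)
    struct.pack_into("<H", buf, 4, ammo)
    struct.pack_into("<I", buf, 8, frame)
    buf[12:24] = b"PLAYER_NAME\x00"
    return bytes(buf)


# Three constructed snapshots taken after each time the player is "shot": health drops
# 10 per hit, ammo changes only once, the frame counter always grows (a classic false positive).
SNAPSHOTS = [
    make_region(health=100, ammo=30, frame=1000),
    make_region(health=90, ammo=30, frame=1500),
    make_region(health=80, ammo=25, frame=2200),
]


def changed(old, new):
    return new != old


def decreased(old, new):
    return new < old


def narrow(candidates, prev, curr, width, predicate):
    """Keep only offsets whose value satisfies predicate(old, new) between two snapshots."""
    fmt = FORMATS[width]
    return {off for off in candidates
            if predicate(struct.unpack_from(fmt, prev, off)[0],
                         struct.unpack_from(fmt, curr, off)[0])}


def locate(snapshots, width, predicate=decreased):
    """Start with every aligned offset, then narrow across each consecutive pair of snapshots.
    Default predicate: the value went down every time (what health does when you get shot)."""
    size = len(snapshots[0])
    cands = set(range(0, size - width + 1, width))
    for prev, curr in zip(snapshots, snapshots[1:]):
        cands = narrow(cands, prev, curr, width, predicate)
    return sorted(cands)


if __name__ == "__main__":
    print("changed as u32:  ", locate(SNAPSHOTS, 4, changed))    # [0, 8]: health and frame counter
    print("decreased as u32:", locate(SNAPSHOTS, 4, decreased))  # [0]: only health survives
    print("decreased as u16:", locate(SNAPSHOTS, 2, decreased))  # [0]: low half of the same field
```

Scanning the same snapshots at 16-bit width still lands on offset 0, which is how you tell a 32-bit field from a 16-bit one: check whether the candidate's upper half ever carries a value.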
In the future, I'd like to write a comprehensive memory editor to exploit a particular game. This is extremely difficult without the brute-force approach (just using object dumps, gdb, memory editors, and the shell for PIDs and to continue and pause processes). The implementation depends heavily on the version of OS X that you're running. I'll link to a few good articles and pages on this kind of stuff; it's hard to find this material for Mac (even Apple doesn't document the Mach kernel calls!!).
An example of injecting code with Mach:
Using library insertion:
Another code injection sample:
A project based on the above project and slightly better documented: