Author Topic: Bit Slicer allows you to search and modify values in video games  (Read 5404 times)


Software Santa

Bit Slicer allows you to search and modify values in video games

Quote
Bit Slicer is a tool for Mac OS X that allows you to search and modify values in video games such as: score, lives, ammunition, and much more.

Features:

    Searching values & narrowing down results
    An array of searching options (bounded ranges on values and memory addresses, case sensitivity on strings, epsilon for floating-point numbers, and more)
    Flexibility of variable table including adding, deleting, and modifying variables with ease
    Extensive undo support for reverting many kinds of changes including searches
    Support for searching and dealing with pointers by modifying a variable address in a dynamic manner
    Storing a process' memory space and comparing how the values have changed at a later time
    Convenient string handling assuming strings are null terminated
    Freezing variable's values so that they don't change
    Dumping memory to files for inspecting processes
    Pausing a process in Bit Slicer or outside via a hotkey.



Similar tools already exist on the Mac, but I created Bit Slicer because I was a bit unsatisfied with other alternatives -- due to either lacking important features or lacking a decent Mac interface.

With this tool, you can basically search for things, and change them in a running program. A common application for this is for cheating in video games. Side note: Bit Slicer works with native games, and I think Cider ports and the such should be fine. PPC games may not work so well.

You first choose what application you want to search in the Target field as shown in the screenshot. Then you can start searching things.

How do you search for things? Well, you're looking for variables, which have some aspects. Say we're finding a player's number of lives in some video game, then the variable would have these aspects:
1) its intent/name (my number of lives)
2) its value (say, 5) and memory address (this is what we're going to find, this is usually in hexadecimal notation)
3) its type of data and number of bytes, or size, in memory (let's guess it is a 32-bit [or 4 byte] integer)

So in Bit Slicer, if I were looking for my number of lives, I'd type 5 in the value field, choose 32-bit integer under data type, and have the function be Equals because we want to find all variables whose values are equal to 5.

And something like the screenshot above will show what can happen. It turns out that a lot of variables in memory have the value 5. So how do we find which value is the actual one we want, that is, which one out of the thousands of variables is my player's number of lives? Well, simple. Change the value in the game and search for the new value in Bit Slicer. Repeat, and eventually you'll narrow down your results to just a single or few variables, and then it becomes easy.


In this case, the variable for my number of lives now has the value 2, and is located at 0x1BE68, and is a 32-bit integer. If I was unsuccessful in finding the value, I would try another integer data-type to search for instead such as a 16-bit integer (this is just guess work).

You can then change the variable by double clicking in the value column in the table, and typing in a new one. And once this changes, if all goes well, the number of lives I had in-game changes too. I also changed the name of the variable in the table to something meaningful - "my lives" - this is just to be a bit self documenting.

-------

And that was just a really simple example. I'll select a few more features to talk about, I think this will resemble a FAQ more now.

Data types?

There are integers (ranging from 8-bit to 64-bit in size), floating-points (floats [4 bytes] and doubles [8 bytes], numbers like 54.0, -2.3, 100.4), and strings (UTF-8 and UTF-16 where each byte is 8-bit and 16-bit character, respectively).

Manually Adding Variables

You can manually add variables to the table, as long as you know its memory address and data type. Quite useful. It's in the Tools menu. After you add the variable, you'll want to modify the variable's address in the table.

Compare Stored Values

Enabling 'Compare stored values' checkbox (under Options in the document window) compares the variable's current values to the variable's past values since when you hit 'Store All Values' in the Tools menu. This is useful if you, for example, want to find all the variables that have increased in value since a certain time. If you're having trouble finding a variable, then you may want to try this. Or, you may want to try this if you're not certain what value you're searching for (for example, your health in a health bar).

Editing Variable's Address Dynamically [Or Pointers!]

You can edit a variable's address in a more advanced way by going to Tools -> Edit Variable Address. An expression such as [0x1BE28] will be substituted with the pointer read at 0x1BE28. Pointers are memory addresses. Often times in programs, there are pointer variables which are simply variables whose value is a memory address to another variable in the program. You can also add and subtract offsets, and nest []'s (for example: [[0x1BE28] + 0x8] - 0x8 is a valid expression).

If you're searching for a pointer, use the pointer data type.

Pausing Processes

This completely pauses the target program which is sometimes useful.

One way is in the Tools menu for the targeted process. Another way is to assign a hot key in Bit Slicer's preferences, which pauses/un-pauses the frontmost process you're using; quite convenient.

Dumping Memory to a File

This allows you to read some memory from a program and save it to a file. You can either specify a starting address and an ending address, or you can dump all readable and writable regions into various files including a merged file. These are located in the Tools menu.

Flash Games

Often times in flash games, but supposedly not always, for integers you'll need to multiply the number you want by 8 to get the value you want stored in memory. For example, if you want to search for your score in a flash game which is 200, then try a search for 200*8 in the value field (Bit Slicer will automatically evaluate that to 1600).

Also, if you are using Safari as your web browser, then you may have to search in a process called "WebKitPluginHost" or "Flash Player" (or perhaps something else?) instead of Safari. If no such processes exist, then try to search in Safari. For Chrome, you need to be careful which process to choose from because Chrome creates a new process per tab.

http://zorg.tejat.net/programs/
« Last Edit: February 23, 2014, 01:31:23 PM by Software Santa »
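
The narrowing search and the bracketed pointer expressions described in the quoted post, as an added example that is not part of the original post and is not Bit Slicer's code. It works on a constructed 64-byte buffer instead of a live process; the function names, the aligned scan and the 32-bit little-endian pointer width are assumptions.

```python
import re
import struct

def scan_equal(mem, value, fmt="<i", candidates=None):
    """Offsets whose value equals `value`; pass earlier hits to narrow them."""
    size = struct.calcsize(fmt)
    if candidates is None:  # first pass: every aligned offset (alignment is an assumption)
        candidates = range(0, len(mem) - size + 1, size)
    return [a for a in candidates if struct.unpack_from(fmt, mem, a)[0] == value]

def resolve(expr, mem):
    """Evaluate e.g. [[0x08] + 0x4] - 0x8; [x] means 'the pointer stored at x'."""
    tokens = re.findall(r"0x[0-9a-fA-F]+|\d+|[\[\]+-]", expr)
    if "".join(tokens) != "".join(expr.split()):
        raise ValueError("unexpected character in expression")
    pos = 0
    def take():
        nonlocal pos
        if pos >= len(tokens):
            raise ValueError("expression ended early")
        pos += 1
        return tokens[pos - 1]
    def term():
        tok = take()
        if tok == "[":
            addr = total()
            if take() != "]":
                raise ValueError("missing ]")
            return struct.unpack_from("<I", mem, addr)[0]  # assumed 32-bit LE pointer
        return int(tok, 16) if tok.startswith("0x") else int(tok)
    def total():
        value = term()
        while pos < len(tokens) and tokens[pos] in ("+", "-"):
            op, rhs = take(), term()
            value = value + rhs if op == "+" else value - rhs
        return value
    result = total()
    if pos != len(tokens):
        raise ValueError("trailing tokens")
    return result

def build_sample():
    """Constructed 64-byte 'process memory'; the lives counter sits at 0x20."""
    mem = bytearray(64)
    for addr in (0x04, 0x20, 0x30):          # three variables that all hold 5
        struct.pack_into("<i", mem, addr, 5)
    struct.pack_into("<I", mem, 0x08, 0x0C)  # pointer stored at 0x08 points to 0x0C
    struct.pack_into("<I", mem, 0x10, 0x28)  # pointer stored at 0x10 points to 0x28
    return mem
```

The first `scan_equal` call returns every aligned offset holding 5; passing those hits back as `candidates` after the value changes leaves only the offset that changed with it, which is the repeat-and-narrow step the post describes.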

 
