[OpenSource][C++]Map Hack

[barrn]

Hey everyone, Today im going to show off the new N3XT PoE-MapHack.

The map hack is 100% open source, coded in C++ from scratch, it was mainly done to learn more about game hacking and how PoE worked. We decided to make it open source as we would like to see many more hacks be open source, especially in the PoE hacking scene.

The N3XT group is working on an injector for public use, but currently we don't have one we want to release, but there are many out there that are safe and easy to use.

Some pictures :




It works like a charm, and I am happy to share it with everyone interested in Path Of Exile.

Releases and Source can be found on our github page :

Code:

https://github.com/OPEN-N3XT

However I will add the dll file here, but if you don't trust me, take a look at the source yourself and compile it

[nightcracker]

Looked at the source.

This is totally pointless. The source only contains standard memory page permissions and unexplained offsets. Nothing to be learned from it.

[doragon]

#define OFFSET0 0x00000028
#define OFFSET1 0x00000034 //OFFSET0+0xc
#define OFFSET2 0x00000040 //OFFSET1+0xc
#define OFFSET3 0x0000004C //OFFSET2+0xc

offset always 0xC ))
---

0x00D9240C

Code:

        D9 00                 -  fld dword ptr [eax]        
        8B 0C 24              - mov ecx,[esp]

0xE8D9240C

Code:

      D9E8                 -    fld1         
      8B 0C 24              - mov ecx,[esp]

[barrn]

Looked at the source.

This is totally pointless. The source only contains standard memory page permissions and unexplained offsets. Nothing to be learned from it.

This wasn't meant to be a learning opportunity as such, this is literally me releasing a maphack with source.

[hrapvlesu]

Maphack was open sourced for ages as a cheat engine table (along with zoomhack and fullbright).
I don't think that wrapping that with VirtualAllocEx/CreateRemoteThread/WriteProcessMemory is a big thing.

[barrn]

Maphack was open sourced for ages as a cheat engine table (along with zoomhack and fullbright).
I don't think that wrapping that with VirtualAllocEx/CreateRemoteThread/WriteProcessMemory is a big thing.

It isn't, but people where complaining about things not working, so i decided to make this.

[nodiac]

wtf are you all crying about? Holy shit, this community.

[mugamexx]

How do you find MAPOFFSET?

[wallsocket]

wtf are you all crying about? Holy shit, this community.

This and people have nothing better to do than troll/harass/insult on forums to help get themselves through their boring pointless empty lives.

[barrn]

How do you find MAPOFFSET?

I used static analysis to find the portion of the code responsible for map reveal. From there I took my base (Which is 40000 in IDA) and I took the location of the start of the map reveal subroutine.
This gave me an offset, The offset is important because of ASLR. So we go BASE + OFFSET = location to modify

Hope this helps, I don't have my updater anymore I deleted it because I kinda abandoned this because of the negative response.

Feel free to PM me if you need any help, ill try find a copy of my old updater and I'll send it your way if I do. Just remember that this is detected now, GGG looks at this space in the game and if it finds it modified, you get banned

EDIT :

Sorry buddy, no luck on the updater. But what you can do is, take my offsets in the source and simply open IDA, load POE.exe and then jump to the location of the subs by taking the base ida gives you and adding the offsets in the source.
ie.

0x0400000 + 0x004D5FA0 = location of map sub routuine

You can from there create a signature, so that you can use that to find the location in your code, or like how i did it, make an offset so you don't have to search memory (Some advantages to this over searching memory)

[maper]

I used static analysis to find the portion of the code responsible for map reveal.

I don't mean to nitpick, but you didn't actually answer the question here. Since finding the map revealing code (and knowing how to change it so that the entire map is revealed) is the only part of the process that requires skills other than generalist programming knowledge, perhaps you could elaborate on that part?

I think that is the reason for the overall negative response.

[HvC]

I don't mean to nitpick, but you didn't actually answer the question here. Since finding the map revealing code (and knowing how to change it so that the entire map is revealed) is the only part of the process that requires skills other than generalist programming knowledge, perhaps you could elaborate on that part?

I think that is the reason for the overall negative response.

Not that I was there but i'd assume it was achieved using a live debugger by looking at the map struct and how it changes when you explore a map entierly.

[maper]

Not that I was there but i'd assume it was achieved using a live debugger by looking at the map struct and how it changes when you explore a map entierly.

Most likely. But how would he know where to find the map struct? Those are the kinds of questions that are helpful to beginners because it's specific to each game. There's tons of tutorials and source code already available about how to patch a game's memory or inject a DLL.

[barrn]

I don't mean to nitpick, but you didn't actually answer the question here. Since finding the map revealing code (and knowing how to change it so that the entire map is revealed) is the only part of the process that requires skills other than generalist programming knowledge, perhaps you could elaborate on that part?

I think that is the reason for the overall negative response.

I thought he wanted me to explain how I got the hex as an offset, as many of the others just use gordons memory searcher(UC) or a slightly modified version of it and chuck in a sig.

I'm kinda embarrassed, I used cheat engine, I followed fleep's tutorials (The guy on youtube) that showed how to find things with CE. I searched for changed values over and over looking for map, it took a while. I did end up finding it in and viewed it CE's memory viewer, I changed the float values around but nothing happened, that was mainly because I had no clue how to change "fld dword ptr [eax]" , I didn't understand why. I found blizzhackers around that time too, I saw how they modified the floats and copied that. then i went to ida to find the offsets and count to get the float locations. I got it into IDA by using the bytes that corresponded to the instructions and searching for them.

I see where the negative feedback comes from, but I guess I should have posted more info regarding the origin of it, I don't claim master hacker or anything, just wanted to share an app I made.

[barrn]

Most likely. But how would he know where to find the map struct? Those are the kinds of questions that are helpful to beginners because it's specific to each game. There's tons of tutorials and source code already available about how to patch a game's memory or inject a DLL.

Thats the trick, I didn't have a clue. I just opened CE and kept searching and searching. I found lots of things that I thought were map, but weren't ended up crashing me a lot of times when I tried to edit them to see what would happen.

I'm pretty new to this, I just wanted to pick up C++ / ASM so I could learn some reverse engineering. I didn't actually mean to pass someones work off as my own, I found the map reveal on my own with fleeps tutorials. At around that time I didn't even really know what a struct was.