How to force 32 bit now?

[Master674]

Programming the hack for x64 is the smallest problem. The biggest problem is there is no Hex-Rays decompiler for 64 Bit Binaries jet

And no Awesomium or CEF for x64
Otherwise mine would already be 64-bit compatible.

[Midi12]

What is CEF ?

[Master674]

What is CEF ?

Chromiumembedded

[Jaerin]

Isn't this pretty much exactly what I said? Regardless if the reason that hacks aren't getting written for 64-bit is cause by a lack of the proper tools or a lack of knowledge programing 64-bit hacks is immaterial.

Those tools weren't always available and hacks were written for 32-bit. Hackers need to learn to hack 64-bit programs, that includes developing the RE tools to do it.

[Master674]

Isn't this pretty much exactly what I said? Regardless if the reason that hacks aren't getting written for 64-bit is cause by a lack of the proper tools or a lack of knowledge programing 64-bit hacks is immaterial.

Those tools weren't always available and hacks were written for 32-bit. Hackers need to learn to hack 64-bit programs, that includes developing the RE tools to do it.

So you say I should code a whole webbrowser engine so I can have all the features from 32-bit in 64-bit as well, just because there are no alternatives?

[Jaerin]

So you say I should code a whole webbrowser engine so I can have all the features from 32-bit in 64-bit as well, just because there are no alternatives?

Not at all. I'm not telling anyone to do anything.

[hankchinaski]

Isn't this pretty much exactly what I said? Regardless if the reason that hacks aren't getting written for 64-bit is cause by a lack of the proper tools or a lack of knowledge programing 64-bit hacks is immaterial.

Those tools weren't always available and hacks were written for 32-bit. Hackers need to learn to hack 64-bit programs, that includes developing the RE tools to do it.

there are more than enough very good 64Bit Hack Frameworks out there you are absolutely wrong.

[Jaerin]

there are more than enough very good 64Bit Hack Frameworks out there you are absolutely wrong.

Oh? Then where are the hacks for 64-bit?

I never said there weren't any tools or frameworks out there, I said the hackers need to learn how to use them.

[Midi12]

But people are lazy ^^

[Jaerin]

But people are lazy ^^

Personally efficient If you don't need 64-bit why spend time coding it?

[Midi12]

Yeah i don't need 64bit atm it's true, i was saying "lazy" for me and some friends, not aiming someone else ^^
Also I don't have enough knowledge in 64bit to produce something usefull

[Apoc]

Juuuust want to point out... anybody doing x86-based stuff, is already doing x64 stuff. If you're using var-sized pointers (DWORD_PTR or IntPtr).

[Scler]

Here is some offset patterns I used in my home made 32 bit launcher created in c#:

GetNativeSystemInfo patch: 66837C24**090F94C0
Add 6 to the result and patch 3 bytes to this location to force 32 bit client downloading:
byte[] newBytes = new byte[] { 0x30, 0xC0, // xor al, al
0x90 }; // nop

Also I patched 3 other locations to prevent files and directories being deleted so you won't have to redownload the 64 bit client

DeleteFileW_1: 85C075**FF**85C07E**0FB7C00D0000078085C078**57FF15
Add 0x16 to the result and patch

byte[] newBytes = new byte[] { 0xB8, 0x01, 0x00, 0x00, 0x00, // mov eax, 00000001
0x90, 0x90 }; // nop, nop

This basically results in overwriting the call to DeleteFileW and returning a success to the caller so it appears the file was deleted but wasn't


RemoveDirectoryW: "FF512050FFD385FF75**FFB5E8FDFFFFFFD333FF"
Add 0xA to the result and patch

byte[] newBytes = new byte[] { 0xB8, 0x01, 0x00, 0x00, 0x00, // mov eax, 00000001
0x90, 0x90, 0x90 }; // nop, nop, nop

Same as DeleteFileW 1, it won't delete the 64 bit client folder


This third pattern is not really needed since this location deletes temporary patch files in the \Patch folder

DeleteFileW_2: "0FB7C00D0000078085C078**56FF15"
Add 0xC to the result and patch

byte[] newBytes = new byte[] { 0xB8, 0x01, 0x00, 0x00, 0x00, // mov eax, 00000001
0x90, 0x90 }; // nop, nop

Same as DeleteFileW 1

What I did was used pinvoke to CreateProcess "wildstar.exe"
Thread.Sleep(200);
SuspendThread pi.hThread
Scan for patterns
WriteProcessMemory the new bytes
ResumeThread

let wildstar's patcher do the rest and then hit play

Of course, now there is lots of guesses that this sort of program can get you banned and I presume its what got my account permanently banned but I did use cheatengine 6.4 so that is another possibility as well. I think it would probably be safer to just have an alternate 32 bit installed windows and don't worry about patching their patcher but if they do have some sort of game guard then any other bot would be caught further down the line.