Using VMs for Rapid, Iterative Game-Hacking Projects January 17, 2018

Does the following scenario sound familiar to you?

Start game. Learn game by playing game. Decide on a certain type of hack. Start Cheat Engine. Do initial scan. Change stuff in game. Do another scan. Change stuff in game. Do another scan. Same thing, 10 more times. Find 500 results and try to change them all at once. Game crashes. Start game again. Start Cheat Engine again. Get back to point in game where you can start scanning again. Do initial scan. Change stuff in game. Do another scan. Change stuff in game. Same thing, 10 more times. Find good address. Find what accesses the address. Game crashes once the debugger is detected. Start game again. Start Cheat Engine again. Ad infinitum.

Wouldn’t it be great if you could drastically reduce the time it takes to go through the process of creating a game hack? Well, now you can for the low-low price of only $14.95 per month! Only kidding. =)

One of the best tips I was given by a fellow game hacker many years ago was to use a virtual machine to hack games. At the time, that tidbit didn’t really resonate with me because I was hacking rather simple things; however, the last couple of years have seen a significant change in how and why I hack games, which brought that advice full circle and put VMs into my workflow.

To be clear, using a VM to reverse engineer a binary isn’t a new concept. In fact, it’s a staple in specific applications of reversing, such as malware analysis. Generally, VMs are useful for just about any project where you want to safely analyze a binary, save machine states for further inspection, preserve those states over time, and greatly reduce the time it takes to analyze a target, especially in dynamic analysis where you don’t want to keep spending time getting back to a certain state, as in the opening scenario.

While VM technology has come a very long way and is extremely performant these days, things like pointer scanning and scanning “all” memory types can take quite a bit longer than they would on a native, host OS. Additionally, it can work wonders for performance if you configure games to run on their lowest settings possible, which shouldn’t be a big deal since you’re presumably hacking games in a VM instead of playing them in a VM.

The first VM solution worth noting is VirtualBox, by Oracle. It’s FREE and open source, but don’t let that fool you into thinking it’s a shoddy application. VirtualBox is extremely powerful and should be more than sufficient for your game-hacking projects. Since you can run multiple guest OS instances simultaneously (limited only by how much RAM is in your system), I like to set up server/client configurations between multiple VMs (one as server, and then multiple clients) and inspect communications between them inside of each instance! Below is a VirtualBox tutorial:
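The two workflows just described, snapshotting the VM at the point where scanning starts so a crash costs seconds instead of a replay, and wiring a server VM and several client VMs onto an isolated network whose traffic you can inspect, can both be scripted with VirtualBox's VBoxManage command-line tool. The script below is an added example, not code from the original post or from VirtualBox; it assumes VirtualBox is installed, and the VM names, snapshot name, network name and pcap paths are placeholders. `VBOXMANAGE` can be pointed at `echo` to dry-run the commands on a machine without VirtualBox.

```shell
#!/bin/sh
# Added example (not from the original post): a small POSIX sh wrapper around
# VirtualBox's VBoxManage CLI for two workflows.
#   1. Snapshot the VM once the game is at the point where scanning starts, and
#      roll back to that snapshot after every crash instead of replaying the game.
#   2. Put a "server" VM and several "client" VMs on an internal network that
#      exists only inside the host, and have VirtualBox write each VM's NIC
#      traffic to a pcap file on the host for inspection.
# Assumptions: VirtualBox is installed; VM names, snapshot names, the network
# name and pcap paths are placeholders. VBOXMANAGE may be overridden (e.g. with
# "echo") to dry-run the commands without VirtualBox present.

VBOXMANAGE="${VBOXMANAGE:-VBoxManage}"

# Succeeds when the named VM appears in VirtualBox's list of running VMs.
vm_is_running() {
    $VBOXMANAGE list runningvms | grep -q "^\"$1\" "
}

# Take a live snapshot of a running VM (the guest keeps running meanwhile).
snap_take() {
    vm="$1"; snap="$2"
    $VBOXMANAGE snapshot "$vm" take "$snap" --live
}

# Power the VM off if it is still up, roll it back to the snapshot and boot it
# again. Returns non-zero if any step fails so a calling loop can stop.
snap_restore_and_start() {
    vm="$1"; snap="$2"
    if vm_is_running "$vm"; then
        $VBOXMANAGE controlvm "$vm" poweroff || return 1
    fi
    $VBOXMANAGE snapshot "$vm" restore "$snap" || return 1
    $VBOXMANAGE startvm "$vm" --type gui
}

# Attach NIC 1 of a powered-off VM to an internal network (no host or outside
# access) and make VirtualBox record that NIC's traffic to a pcap file.
lan_attach() {
    vm="$1"; net="$2"; pcap="$3"
    $VBOXMANAGE modifyvm "$vm" --nic1 intnet --intnet1 "$net" || return 1
    $VBOXMANAGE modifyvm "$vm" --nictrace1 on --nictracefile1 "$pcap"
}

# Wire one server VM and any number of client VMs onto the same internal
# network, one pcap per VM.  Usage: lan_build <netname> <server-vm> <client-vm>...
lan_build() {
    net="$1"; shift
    for vm in "$@"; do
        lan_attach "$vm" "$net" "/tmp/$vm-$net.pcap" || return 1
    done
}

# Example session with placeholder names: snapshot once, restore after a crash,
# and build a one-server/two-client lab whose traffic lands in /tmp/*.pcap.
# snap_take game-vm scan-point
# snap_restore_and_start game-vm scan-point
# lan_build gamelan game-server game-client1 game-client2
```

Because every VBoxManage call goes through `$VBOXMANAGE`, the same functions can be exercised with `VBOXMANAGE=echo` to review the exact commands before running them against real VMs; the pcap files that `--nictrace1` produces open directly in Wireshark.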

The next VM solution is VMware Workstation Pro, by VMware. There is also Workstation Player. The difference between the two is that Workstation Pro ($250) allows you to run multiple VM instances at once, while Workstation Player ($150) allows you to run just one guest VM instance. If you can find Workstation Player 12, it was free for non-commercial use. Also, if you find that you’re the pirating type, beware the risks that come with running executables from untrusted sources. There’s some nasty stuff out there, and 0-days run amok. Below is a VMware Workstation tutorial:

If you would like to explore some differences between the two platforms, here’s an article discussing a number of them. Since features are continually being added to both, you may want to double-check if a particular feature has come to one solution or the other at the time you’re now reading this.

One major caveat is that, at the time of this writing, DX11/DX12 games will not work properly in any current VM solution.

In closing, I’d like to get your feet wet with some Google-hacking fun by searching for VM instances stored in open indexes across the web (meaning that, though the file downloads can be quite large, you don’t have to find an OS to download, install, potentially license, etc.). Below is a custom query I’ve cooked up which searches for open indexes containing the word “Windows” along with VMDK or VDI (extensions of VirtualBox and VMware VMs, respectively); I then filter out many spammy and honeypot results by negating “parent directory” in the URL:

intitle:index.of Windows intext:vmdk | intext:vdi -inurl:"parent directory"

Between VirtualBox’s support for its native format and select third-party VM formats, and VMware’s vCenter Converter, you can pretty much find any VM and have it be plug-and-play with whichever platform you prefer.

Go forth now and experience a new, wondrous land of game-hacking where time is no longer bound by meaningless repetition! =)