Modified Heroes of Hammerwatch (HoH) to enable client side alterations without needing to mark profiles as modded.
Normally when the client assets are modified, HoH outputs a message indicating that the assets package is incorrect and shuts down. GDB's break syscall write command was used to break when this message was written. The backtrace was then examined, and breakpoints were placed on each of the branches.
Each of these locations were examined in order of most recent to least recent to find branches in the code that might be altered to circumvent the codepath that leads to printing this message.
Once the critical branch was located, xxd, readelf, and llvm-objdump were used to examine and flip the condition for this branch. In this case, jne (0x0F85) was switched to je (0X0F84).
Afterwards, HoH output another message: "Tampering detected". The above process was simply repeated again, and voila!
See method.txt for the full example.
For some reason, the addresses in the xxd hexdump are shifted relative to the addresses seen in objdump and readelf. The outputted hex from readelf can be used to search the xxd hexdump to find the correct address.
Only the modified scripts are kept in the repo. The other resource files and the original packed assets file are much too large and aren't modified.
packager.sh requires hard paths for arguments.
objdump -D <exe> ><exe>.objxxd <exe> ><exe>.hexxxd -r <exe>.hex ><exe>readelf -S <exe>(to acquire<sections>)readelf -x <section> <exe>packager.sh -r <unpacked_resources>packager.sh -u <packed_resources> -d <unpacked_resources