Under Windows, you use WriteProcessMemory() and ReadProcessMemory() to modify or read another application's memory. Here's a snippet of some code from an old trainer I made for Battlefield 1942:
Code:
#include <windows.h>
/* maphack1..3 are the NOP byte arrays shown further down; they must be defined above this function */
BOOL PatchGame(void)
{
    HWND hGameWin; DWORD pid; HANDLE hProcess;
    /* Find the game by its exact window title (title is specific to this build; FindWindowA so the narrow literal also works in a UNICODE build) */
    hGameWin = FindWindowA( NULL, "BF1942 (Ver:62733/10/14/2003, 11:14)" );
    if (!hGameWin) return FALSE;
    if (!GetWindowThreadProcessId( hGameWin, &pid )) return FALSE;
    /* PROCESS_VM_WRITE | PROCESS_VM_OPERATION is all WriteProcessMemory needs; the trainer simply asks for everything */
    hProcess = OpenProcess( PROCESS_ALL_ACCESS, 0, pid);
    if (!hProcess) return FALSE;
    /* Overwrite three code locations with NOPs; these absolute addresses are only valid for this exact build */
    if (!WriteProcessMemory( hProcess, (LPVOID)0x42AFE9, &maphack1, sizeof(maphack1), NULL )) goto fail;
    if (!WriteProcessMemory( hProcess, (LPVOID)0x42AA60, &maphack2, sizeof(maphack2), NULL )) goto fail;
    if (!WriteProcessMemory( hProcess, (LPVOID)0x42B1CA, &maphack3, sizeof(maphack3), NULL )) goto fail;
    CloseHandle( hProcess );
    return TRUE;
fail:
    CloseHandle( hProcess );
    return FALSE;
}
Earlier in the code, the maphack arrays are defined like this:
Code:
/* six single-byte NOPs each, so every write blanks out six bytes of the game's code */
UCHAR maphack1[] = { 0x90, 0x90, 0x90, 0x90, 0x90, 0x90 };
UCHAR maphack2[] = { 0x90, 0x90, 0x90, 0x90, 0x90, 0x90 };
UCHAR maphack3[] = { 0x90, 0x90, 0x90, 0x90, 0x90, 0x90 };
So basically, I'm overwriting the original code at the addresses 0x42AFE9, 0x42AA60, and 0x42B1CA with a bunch of NOP (0x90) instructions. To figure out these addresses, I used a program called TSearch.
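Added example, not code from the post above: the addresses in the trainer are only right for that one build of the game, so a trainer that writes NOPs to 0x42AFE9 blindly on any other build corrupts whatever instruction happens to live there. The C below, written for this page, shows the check worth doing before each write: read the bytes at the target address, compare them with the instruction bytes you found in TSearch, write the NOPs only on a match, read back to confirm the write took, and keep the original bytes so the patch can be switched off again. To run without a live process it uses constructed stand-ins (the target struct, target_read/target_write, demo_image, demo_je and DEMO_BASE are all assumptions made here); on Windows the two helpers would wrap ReadProcessMemory and WriteProcessMemory on the handle returned by OpenProcess.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define X86_NOP   0x90
#define MAX_PATCH 32

enum patch_status {
    PATCH_OK = 0,
    PATCH_BAD_LENGTH,          /* n is zero or larger than MAX_PATCH */
    PATCH_OUT_OF_RANGE,        /* address/length not inside the readable image */
    PATCH_SIGNATURE_MISMATCH,  /* bytes at addr are not what this build is supposed to have */
    PATCH_VERIFY_FAILED        /* read-back after the write did not show the new bytes */
};

/* Stand-in for a target process (assumption for this example): on Windows target_read/
 * target_write would wrap ReadProcessMemory/WriteProcessMemory on a handle from
 * OpenProcess; here they copy to/from a constructed byte buffer. */
struct target {
    uint8_t  *image;       /* bytes standing in for the code pages */
    size_t    image_size;
    uintptr_t base;        /* virtual address that image[0] represents */
};

static int in_range(const struct target *t, uintptr_t addr, size_t n)
{
    if (addr < t->base) return 0;
    size_t off = (size_t)(addr - t->base);
    return off <= t->image_size && n <= t->image_size - off;
}

static int target_read(const struct target *t, uintptr_t addr, uint8_t *out, size_t n)
{
    if (!in_range(t, addr, n)) return 0;
    memcpy(out, t->image + (addr - t->base), n);
    return 1;
}

static int target_write(struct target *t, uintptr_t addr, const uint8_t *in, size_t n)
{
    if (!in_range(t, addr, n)) return 0;
    memcpy(t->image + (addr - t->base), in, n);
    return 1;
}

/* Write n bytes from src at addr, then read them back and confirm the write took. */
static enum patch_status write_verified(struct target *t, uintptr_t addr, const uint8_t *src, size_t n)
{
    uint8_t check[MAX_PATCH];
    if (!target_write(t, addr, src, n)) return PATCH_OUT_OF_RANGE;
    if (!target_read(t, addr, check, n) || memcmp(check, src, n) != 0) return PATCH_VERIFY_FAILED;
    return PATCH_OK;
}

/* NOP out n bytes at addr, but only if the bytes currently there equal `expected`
 * (the original instruction bytes found for this exact build). The originals are
 * copied to `saved` (if non-NULL) so the patch can be undone with restore_bytes(). */
enum patch_status patch_nops(struct target *t, uintptr_t addr, const uint8_t *expected, size_t n, uint8_t *saved)
{
    uint8_t current[MAX_PATCH], nops[MAX_PATCH];
    if (n == 0 || n > MAX_PATCH) return PATCH_BAD_LENGTH;
    if (!target_read(t, addr, current, n)) return PATCH_OUT_OF_RANGE;
    if (memcmp(current, expected, n) != 0) return PATCH_SIGNATURE_MISMATCH;
    if (saved) memcpy(saved, current, n);
    memset(nops, X86_NOP, n);
    return write_verified(t, addr, nops, n);
}

/* Put the saved original bytes back (the trainer's "off" switch). */
enum patch_status restore_bytes(struct target *t, uintptr_t addr, const uint8_t *saved, size_t n)
{
    if (n == 0 || n > MAX_PATCH) return PATCH_BAD_LENGTH;
    return write_verified(t, addr, saved, n);
}

/* Constructed sample image (not bytes from the game): push ebp; mov ebp,esp; je +0x10; xor eax,eax; pop ebp; ret */
uint8_t demo_image[] = { 0x55, 0x8B, 0xEC, 0x0F, 0x84, 0x10, 0x00, 0x00, 0x00, 0x33, 0xC0, 0x5D, 0xC3 };
const uint8_t demo_je[] = { 0x0F, 0x84, 0x10, 0x00, 0x00, 0x00 };   /* the 6-byte je we intend to NOP out */
#define DEMO_BASE    ((uintptr_t)0x00401000)   /* assumed load address of the sample */
#define DEMO_JE_ADDR (DEMO_BASE + 3)

struct target demo_target(void)
{
    struct target t = { demo_image, sizeof demo_image, DEMO_BASE };
    return t;
}

int main(void)
{
    struct target t = demo_target();
    uint8_t saved[MAX_PATCH];
    printf("patch:   %d\n", patch_nops(&t, DEMO_JE_ADDR, demo_je, sizeof demo_je, saved));  /* 0: PATCH_OK */
    printf("again:   %d\n", patch_nops(&t, DEMO_JE_ADDR, demo_je, sizeof demo_je, NULL));   /* 3: bytes are NOPs now */
    printf("restore: %d\n", restore_bytes(&t, DEMO_JE_ADDR, saved, sizeof demo_je));         /* 0: PATCH_OK */
    return 0;
}
```

The second patch_nops call fails on purpose: once the je is NOPs, the signature no longer matches, which is exactly what stops a trainer from patching the same spot twice or patching the wrong build. With a real process the same return codes would come from a read that fails because the handle lacks PROCESS_VM_READ, or a write into a page WriteProcessMemory cannot make writable.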