I'm thinking of writing a trainer for a game, but I need to be able to access the memory of the game's process directly. I recall there being an API function for this, but I can't remember what it was, anyone know?
You know this isn't the place to discuss that.
WriteProcessMemory
...and what the hell is wrong with discussing trainers?
Thx viper.
And Bubba, I assumed hacking meant of the more malicious sort. Giving my char infinite currency isn't exactly what I would call malicious.
I'm hesitant to discuss it at all since this is a public forum and the fact that I detest online cheaters.
If it's for a single player game on your PC then I understand if you want to mess with it, but discussing it here might give the wrong idea to others.
There are already programs that can do this for you out there. One is ArtMoney (comes with a free version).
I'm fine with it so long as it's for single player.
Does anyone know how to determine exactly how much RAM a game is using so you can ReadProcessMemory all of it?
Technically I believe any alteration of source code or even displaying of source code on a display not owned by the company is against the EULA.
However I'm not sure about the EULA when it comes to the data files for the game.
The function fails and returns an error if the memory you tried to read is invalid. Personally I would try reading in blocks until you encounter a block that fails, then read it byte by byte.
Personally I want to write a trainer so I can get a feel for how they are written, so I can write code that is much more difficult for them to hack. Unfortunately, knowing how to beat hackers requires you to know their methods.
And why must programmers waste time trying to make games unfriendly to hackers? I never understood that BS. Nothing is hacker-proof. Quit wasting your time and ours. I remember hacking so many N64 games that had completely screwy programming. There are still certain games with timers I can't bloody freeze using a GameShark and it annoys the hell out of me. :(
Oh, that's like putting items in stores where you can easily take them and get out of there without paying.
In short, it isn't fool proof, but if you implement a basic system, the amount of thefts will decrease by a large amount.
They want to protect their game, and by all rights, they have the right to do so. Just like you'd want to protect your own work from being tampered with or stolen.
If you pay for the goddamn game, you should have the right to screw with it all you want. That includes getting infinite ammo, time, whatever. If they had any right to prevent cheating, GameSharks/etc wouldn't exist. How the hell can you compare it to theft? There's no theft involved in manipulating a game to play the way you want it to.
I don't think that analogy holds.
Say you have invented something and you don't want to give out how it works or what's inside, so that you can have monopoly on it. When selling this device to someone, would you want them to crack it open and mix around with it or would you ban that?
As the copyright holder, you certainly have the right to ban such use.
The same goes for game makers. It's their work and they're kind enough to let you use it.
If you are ruining someone else's enjoyment of the game by cheating, you are cheating them out of the experience they deserve. They are not able to enjoy the game at its full potential, which they also spent their money for.
Singleplayer cheating I think is fine in some respects. Once you cross the line to multiplayer cheating, however, I think you're scum.
MacGyver also brings up a very good point where cheating should be banned in all possible ways. Cheat for yourself, fine, but cheat for others, that's crossing the line and should be prevented.
There are many forms of hacking/modding. The first, the easiest one, is usually by editing data files. This is easy to block - doing CRC check on files, but protecting your CRC check code itself is much more difficult.
The next way is through modifying the executable, either while it's running (in memory) or on the hard drive. Protecting data this way can be achieved by using clever duplicates or sums. But the problems occur when the executable code is modified. Of course, you can try to CRC this again, but how can you guarantee someone doesn't block that either?
There are easy ways to protect your code, and more difficult ones. Easy ways are to make different parts of code depend on each other by setting different variables. Maybe even use function pointers which only get a value in the middle of a CRC check, or check the CRC result in many places, make the code a little self-modifying etc. There are many ways. You may wonder why I said this is the easy way. That's because...
... the hard way is to start modifying other processes or use drivers. I wouldn't suggest anyone use these methods, but I'll explain them anyway. You can inject a piece of code into other processes which reroutes or modifies the OpenProcess and CreateProcess functions. On a CreateProcess call you make sure the new process gets injected, and on an OpenProcess call you block the calls trying to open your process. If something is messed up in this stage, you can cause a system crash. The other way is to make a driver (all games installing drivers usually get a bad reputation though). The driver hooks calls to OpenProcess and/or WriteProcessMemory. If you mess something up here, you're doomed (BSOD).
There are plenty of ways to get some code injected into a process. The most popular ones except modifying the executable are modifying the game's DLLs or copying a modified system DLL into the game directory. These are not easy to detect.
Trainers usually modify the data/code in memory by finding the process with FindWindow or EnumProcesses, opening the game with OpenProcess, and then using WriteProcessMemory and ReadProcessMemory. Sometimes applications use their own API functions instead of these functions (usually a straight copy of the API function) to avoid game protection systems. This helps against injecting protection, but not against drivers.
When a memory scanner or a trainer has accessed the application, they can inject their code into the executable or inject a DLL. One simple example of DLL injection is ArtMoney (memory scanner & editor).
Nowadays there are quite few protection systems that have stayed unhacked or at least a workaround hasn't been published for them. These include the huge protection systems like StarForce. Personally I hate these systems, but if a multiplayer game needs protection, there aren't many other choices.
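An added example (not code from anyone in this thread) of the "clever duplicates or sums" idea from the post above, in portable C: a value is stored twice (plain and XOR-masked) so that a memory editor that patches only the visible copy is caught on the next read, plus a CRC-32 routine of the kind the post suggests for checking data files. The mask, the struct and function names, and the in-memory tampering in demo() are all constructed for illustration.

```c
/* Added example: tamper detection via a masked duplicate, and CRC-32 for data-file checks. */
#include <stdint.h>
#include <stddef.h>

#define MASK 0xA5A5A5A5u   /* constructed mask; a real game would vary it per build */

typedef struct {
    uint32_t value;    /* the copy a memory scanner would find and edit */
    uint32_t shadow;   /* value ^ MASK, kept in sync only through prot_set */
} prot_u32;

void prot_set(prot_u32 *p, uint32_t v) {
    p->value = v;
    p->shadow = v ^ MASK;
}

/* Returns 1 if both copies still agree (and stores the value in *out),
 * 0 if one copy was changed behind the game's back. */
int prot_get(const prot_u32 *p, uint32_t *out) {
    if ((p->shadow ^ MASK) != p->value)
        return 0;
    *out = p->value;
    return 1;
}

/* Standard CRC-32 (IEEE 802.3, reflected, polynomial 0xEDB88320), bitwise.
 * A game would compare this over a data file against a stored checksum. */
uint32_t crc32(const uint8_t *buf, size_t len) {
    uint32_t c = 0xFFFFFFFFu;
    for (size_t i = 0; i < len; i++) {
        c ^= buf[i];
        for (int k = 0; k < 8; k++)
            c = (c >> 1) ^ (0xEDB88320u & (0u - (c & 1u)));
    }
    return ~c;
}

/* Simulates a trainer writing straight to the visible copy (constructed scenario).
 * Returns 1 if the check passed before the write and failed after it. */
int demo(void) {
    prot_u32 gold;
    uint32_t v = 0;
    prot_set(&gold, 100);
    int ok_before = prot_get(&gold, &v);   /* both copies agree: 1 */
    gold.value = 999999;                    /* only one copy patched */
    int ok_after = prot_get(&gold, &v);    /* mismatch detected: 0 */
    return ok_before && !ok_after;
}
```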
It's quite possible to hook API calls such as OpenProcess, ReadProcessMemory/WriteProcessMemory at user level simply by overwriting the import table in memory and injecting a DLL via CreateRemoteThread.
Many good firewalls also protect from this kind of behavior by asking.
Like I mentioned, from user mode it means injecting some code into every process. Bypassing import address table hooks is very simple though (pseudocode):
Code:
// Resolve the real export directly instead of going through the import table
typedef BOOL (WINAPI *WPM_t)(HANDLE, LPVOID, LPCVOID, SIZE_T, SIZE_T *);
WPM_t fnWriteProcessMemory = (WPM_t)GetProcAddress(GetModuleHandle("kernel32"), "WriteProcessMemory");
// this call bypasses the hook (x = placeholder arguments)
fnWriteProcessMemory(x, x, x, x, x);
So I think the more reliable way is to hook the function itself, not only the IAT.