rajend3

how do memory scanners work?


I was reading a bit about memory scanners used by hackers to create trainers for games. My question is, how would you go about creating a memory scanner? Isn't accessing another process's memory space an illegal operation?

Depending on the system, processes could run in a shared memory space or separate memory spaces. Often with separate memory spaces there are still ways provided for a process to poke around in another process's memory. It depends on the operating system and possibly user privileges.

Under Windows at least, the simple ones use FindWindow(), GetWindowThreadProcessId(), OpenProcess(), WriteProcessMemory(), and ReadProcessMemory().

Here is a simple one for Diablo that I found on http://www.gamehacking.com/ and modified:


#include <cstdio>
#include <windows.h>

int main()
{
    // The value we want to write to memory: the new gold amount (a 4-byte DWORD).
    DWORD bytMoneyBuff = 5000;
    // The addresses of our money, found with TSearch.
    DWORD dwMoney  = 0x00688664;
    DWORD dwMoney2 = 0x00689458;
    DWORD dwPid;
    HANDLE hndDiablo;
    HWND hwndDiablo;

    // Find the window so we can get its process id with GetWindowThreadProcessId.
    // FindWindowA takes a narrow string, so this builds whether or not UNICODE is defined.
    hwndDiablo = FindWindowA(NULL, "Diablo");
    if (hwndDiablo == NULL)
    {
        printf("FindWindow() failed!\n");
        return 1;
    }
    // Get the process id for use with OpenProcess.
    GetWindowThreadProcessId(hwndDiablo, &dwPid);
    // Open the process so we can read/write its memory. PROCESS_ALL_ACCESS is more than
    // this needs: PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_VM_OPERATION is enough here.
    if ((hndDiablo = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwPid)) == NULL)
    {
        printf("OpenProcess() failed!\n");
        return 1;
    }
    // Write the 4-byte gold value to both money addresses and check that each write succeeded.
    if (!WriteProcessMemory(hndDiablo, (LPVOID)dwMoney, (LPCVOID)&bytMoneyBuff, sizeof(bytMoneyBuff), NULL) ||
        !WriteProcessMemory(hndDiablo, (LPVOID)dwMoney2, (LPCVOID)&bytMoneyBuff, sizeof(bytMoneyBuff), NULL))
    {
        printf("WriteProcessMemory() failed!\n");
        CloseHandle(hndDiablo);
        return 1;
    }
    CloseHandle(hndDiablo);
    return 0;
}

hope that helps.
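The question asks how the scanner itself works, and the Diablo code above shows only the final poke at addresses that TSearch had already found. What follows is an added example, not code from this thread or from gamehacking.com: the scan-then-narrow loop a tool like TSearch runs to find such addresses in the first place. It assumes the value being hunted is a 4-byte integer stored 4-byte aligned, fetches memory through a callback so that reading the target is the only OS-specific step, and includes a Windows region walk over VirtualQueryEx and ReadProcessMemory (compiled only under _WIN32; the handle needs at least PROCESS_VM_READ and PROCESS_QUERY_INFORMATION). The runnable demo scans a constructed in-process array standing in for the game's memory, so `game_mem`, the gold index, the decoy values and the 64 KiB chunk size are all made up for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#endif

/* Reading the target's memory is the only OS-specific step: on Windows the callback
   wraps ReadProcessMemory; in the demo it is a memcpy over this process's own memory.
   Returns nonzero on success. */
typedef int (*read_fn)(void *ctx, uintptr_t addr, void *buf, size_t len);

#define CHUNK 65536  /* assumed read granularity; unreadable chunks are skipped */

/* First scan: record every 4-byte-aligned location in [base, base+len) holding value. */
static size_t scan_region(read_fn rd, void *ctx, uintptr_t base, size_t len,
                          uint32_t value, uintptr_t *hits, size_t max_hits) {
    uint8_t buf[CHUNK];
    size_t n = 0;
    for (size_t off = 0; off < len && n < max_hits; off += CHUNK) {
        size_t want = len - off < CHUNK ? len - off : CHUNK;
        if (!rd(ctx, base + off, buf, want)) continue;
        for (size_t i = 0; i + 4 <= want && n < max_hits; i += 4) {
            uint32_t v; memcpy(&v, buf + i, 4);
            if (v == value) hits[n++] = base + off + i;
        }
    }
    return n;
}

/* Next scan: re-read only the previous candidates and keep those now holding value.
   Repeating this after each in-game change converges on the real variable. */
static size_t narrow_scan(read_fn rd, void *ctx, uintptr_t *hits, size_t n, uint32_t value) {
    size_t kept = 0;
    for (size_t i = 0; i < n; i++) {
        uint32_t v;
        if (rd(ctx, hits[i], &v, 4) && v == value) hits[kept++] = hits[i];
    }
    return kept;
}

#ifdef _WIN32
/* Reader over a handle opened with at least PROCESS_VM_READ | PROCESS_QUERY_INFORMATION. */
static int rpm_read(void *ctx, uintptr_t addr, void *buf, size_t len) {
    SIZE_T got = 0;
    return ReadProcessMemory((HANDLE)ctx, (LPCVOID)addr, buf, len, &got) && got == len;
}

/* Walk the target's address space with VirtualQueryEx and scan each committed,
   readable region: this is what a TSearch-style tool does on its first search. */
static size_t scan_process(HANDLE h, uint32_t value, uintptr_t *hits, size_t max_hits) {
    MEMORY_BASIC_INFORMATION mbi;
    uintptr_t addr = 0;
    size_t n = 0;
    while (n < max_hits && VirtualQueryEx(h, (LPCVOID)addr, &mbi, sizeof mbi) == sizeof mbi) {
        if (mbi.State == MEM_COMMIT && !(mbi.Protect & (PAGE_NOACCESS | PAGE_GUARD)))
            n += scan_region(rpm_read, h, (uintptr_t)mbi.BaseAddress, mbi.RegionSize,
                             value, hits + n, max_hits - n);
        addr = (uintptr_t)mbi.BaseAddress + mbi.RegionSize;
    }
    return n;
}
#endif

/* In-process stand-in for ReadProcessMemory so the demo runs without a target. */
static int local_read(void *ctx, uintptr_t addr, void *buf, size_t len) {
    (void)ctx;
    memcpy(buf, (const void *)addr, len);
    return 1;
}

/* Constructed stand-in for a game's data segment: gold lives at index 17, and two
   decoy words hold the same number on the first scan. */
static uint32_t game_mem[64];

typedef struct { size_t first_hits, narrowed_hits; int found; } scan_result;

/* Find the gold counter by value, narrow after it changes, then poke it. */
scan_result demo_find_gold(void) {
    uintptr_t hits[64];
    scan_result r;
    for (size_t i = 0; i < 64; i++) game_mem[i] = (uint32_t)(i * 7);   /* noise, all < 5000 */
    uint32_t *gold = &game_mem[17];
    *gold = 5000; game_mem[3] = 5000; game_mem[40] = 5000;

    r.first_hits = scan_region(local_read, NULL, (uintptr_t)game_mem, sizeof game_mem,
                               5000, hits, 64);                      /* 3 candidates */
    *gold = 5100;                                                    /* player earns 100 */
    r.narrowed_hits = narrow_scan(local_read, NULL, hits, r.first_hits, 5100);
    r.found = (r.narrowed_hits == 1 && hits[0] == (uintptr_t)gold);
    if (r.found) *(uint32_t *)hits[0] = 9999;                        /* the trainer's poke */
    r.found = r.found && *gold == 9999;
    return r;
}

int main(void) {
    scan_result r = demo_find_gold();
    printf("first scan: %zu, after narrowing: %zu, gold found and poked: %s\n",
           r.first_hits, r.narrowed_hits, r.found ? "yes" : "no");
    return r.found ? 0 : 1;
}
```

Run as is, it reports three candidates for 5000, one survivor after the counter moves to 5100, and a successful poke. Against a real process you would open the target, pass the handle to scan_process, have the player change the value in game, then call narrow_scan with rpm_read until a single address remains; that address is what the Diablo code above hardcodes. Narrowing on a changed value is how the decoys are discarded: a first scan for a common number returns many hits, and anything that does not track the in-game counter drops out on the next pass.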
