rajend3

how do memory scanners work?

I was reading a bit about memory scanners used by hackers to create trainers for games. My question is: how would you go about creating a memory scanner? Isn't accessing another process's memory space an illegal operation?

Depending on the system, processes could run in a shared memory space or separate memory spaces. Often with separate memory spaces there are still ways provided for a process to poke around in another process's memory. It depends on the operating system and possibly user privileges.

Under Windows at least, the simple ones use FindWindow(), GetWindowThreadProcessId(), OpenProcess(), WriteProcessMemory(), and ReadProcessMemory().

Here is a simple one for Diablo that I found on http://www.gamehacking.com/ and modified:


#include <cstdio>
#include <cstdlib>
#include <windows.h>

int main()
{
    // The value we want to write to memory: the new gold amount.
    DWORD bytMoneyBuff = 5000;
    // The two addresses that hold our gold, found beforehand with TSearch.
    DWORD dwMoney  = 0x00688664;
    DWORD dwMoney2 = 0x00689458;
    DWORD dwPid;
    HANDLE hndDiablo;
    HWND hwndDiablo;

    // Find the window so we can get its process id with GetWindowThreadProcessId.
    // FindWindowA takes the narrow string literal whether or not UNICODE is defined.
    hwndDiablo = FindWindowA(NULL, "Diablo");
    if (hwndDiablo == NULL)
    {
        printf("FindWindow() failed!\n");
        exit(1);
    }
    // Get the process id for use with OpenProcess.
    GetWindowThreadProcessId(hwndDiablo, &dwPid);
    // Open the process with rights that allow reading and writing its memory.
    if ((hndDiablo = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwPid)) == NULL)
    {
        printf("OpenProcess() failed!\n");
        exit(1);
    }
    // Write the 4-byte gold value to both addresses and check that each write succeeded.
    if (!WriteProcessMemory(hndDiablo, (LPVOID)dwMoney, &bytMoneyBuff, sizeof(bytMoneyBuff), NULL) ||
        !WriteProcessMemory(hndDiablo, (LPVOID)dwMoney2, &bytMoneyBuff, sizeof(bytMoneyBuff), NULL))
    {
        printf("WriteProcessMemory() failed!\n");
    }
    CloseHandle(hndDiablo);
    return 0;
}

hope that helps.

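The snippet above writes to addresses "found with TSearch" but does not show how a scanner finds them, which is the part the question is really about. The following is an added example, not code from the original post or from gamehacking.com. It shows the narrowing search every memory scanner performs: a first scan reads each readable region of the target and records every 4-byte slot holding the current gold value, then, after the player spends some gold in-game, a next scan keeps only the candidates that now hold the new value. The region_t/read_fn/candidates_t types, the fake_proc_t stand-in and its 0x664/0x458/0x100 offsets are constructed for the demo. Under _WIN32, win_read() wraps ReadProcessMemory and win_regions() walks the target's address space with VirtualQueryEx; scanning needs a handle with PROCESS_VM_READ | PROCESS_QUERY_INFORMATION, and writing additionally needs PROCESS_VM_WRITE | PROCESS_VM_OPERATION, which is why the OS lets one process touch another's memory only after an access check on the handle.

```c
/* Added example, not from the post: the narrowing search a memory scanner performs. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct { uintptr_t base; size_t size; } region_t;   /* one readable region of the target */
typedef int (*read_fn)(void *ctx, uintptr_t addr, void *out, size_t len); /* 1 on success */
typedef struct { uintptr_t *addr; size_t count, cap; } candidates_t;      /* growable hit list */

static void cand_push(candidates_t *c, uintptr_t a)
{
    if (c->count == c->cap) {
        c->cap = c->cap ? c->cap * 2 : 64;
        if (!(c->addr = realloc(c->addr, c->cap * sizeof *c->addr))) { perror("realloc"); exit(1); }
    }
    c->addr[c->count++] = a;
}

/* First scan: read each region, record every 4-byte aligned slot equal to value (gold is a DWORD). */
candidates_t first_scan(read_fn rd, void *ctx, const region_t *regs, size_t nregs, uint32_t value)
{
    candidates_t c = { 0, 0, 0 };
    for (size_t i = 0; i < nregs; i++) {
        uint8_t *buf = malloc(regs[i].size);
        if (!buf || !rd(ctx, regs[i].base, buf, regs[i].size)) { free(buf); continue; }
        for (size_t off = 0; off + sizeof value <= regs[i].size; off += sizeof value) {
            uint32_t v;
            memcpy(&v, buf + off, sizeof v);
            if (v == value) cand_push(&c, regs[i].base + off);
        }
        free(buf);
    }
    return c;
}

/* Next scan: after the value changed in-game, keep only the candidates that now hold it. */
void next_scan(read_fn rd, void *ctx, candidates_t *c, uint32_t value)
{
    size_t kept = 0;
    for (size_t i = 0; i < c->count; i++) {
        uint32_t v;
        if (rd(ctx, c->addr[i], &v, sizeof v) && v == value) c->addr[kept++] = c->addr[i];
    }
    c->count = kept;
}

#ifdef _WIN32   /* real target: a handle opened with PROCESS_VM_READ | PROCESS_QUERY_INFORMATION */
#include <windows.h>
int win_read(void *ctx, uintptr_t addr, void *out, size_t len)
{
    SIZE_T got = 0;
    return ReadProcessMemory((HANDLE)ctx, (LPCVOID)addr, out, len, &got) && got == len;
}
/* Walk the target's address space with VirtualQueryEx, keeping committed, accessible regions. */
size_t win_regions(HANDLE h, region_t *out, size_t max)
{
    MEMORY_BASIC_INFORMATION mbi;
    uintptr_t p = 0, next; size_t n = 0;
    while (n < max && VirtualQueryEx(h, (LPCVOID)p, &mbi, sizeof mbi) == sizeof mbi) {
        if (mbi.State == MEM_COMMIT && !(mbi.Protect & (PAGE_NOACCESS | PAGE_GUARD))) {
            out[n].base = (uintptr_t)mbi.BaseAddress;
            out[n++].size = mbi.RegionSize;
        }
        next = (uintptr_t)mbi.BaseAddress + mbi.RegionSize;
        if (next <= p) break;   /* wrapped around the end of the address space */
        p = next;
    }
    return n;
}
#endif

/* Constructed stand-in for a target process: a flat 4 KiB "address space" with gold plus two decoys. */
typedef struct { uint8_t mem[4096]; } fake_proc_t;
static int fake_read(void *ctx, uintptr_t addr, void *out, size_t len)
{
    fake_proc_t *p = ctx;
    if (addr > sizeof p->mem || len > sizeof p->mem - addr) return 0;
    memcpy(out, p->mem + addr, len);
    return 1;
}

/* TSearch-style workflow: 5000 gold, scan, spend 200 in-game, rescan; returns the lone survivor (0 if none). */
uintptr_t demo_find_gold(size_t *first_count)
{
    fake_proc_t proc;
    uint32_t gold = 5000;
    const uintptr_t real = 0x664, decoy1 = 0x458, decoy2 = 0x100;   /* assumed offsets */
    memset(&proc, 0, sizeof proc);
    memcpy(proc.mem + real, &gold, sizeof gold);
    memcpy(proc.mem + decoy1, &gold, sizeof gold);   /* e.g. a cached copy shown by the HUD */
    memcpy(proc.mem + decoy2, &gold, sizeof gold);
    region_t regs[1] = { { 0, sizeof proc.mem } };
    candidates_t c = first_scan(fake_read, &proc, regs, 1, gold);
    *first_count = c.count;                          /* 3: the real counter and both decoys */
    gold = 4800; memcpy(proc.mem + real, &gold, sizeof gold);   /* only the real slot follows the spend */
    next_scan(fake_read, &proc, &c, gold);
    uintptr_t found = (c.count == 1) ? c.addr[0] : 0;
    free(c.addr);
    return found;
}
```

On Windows the same two functions run against a live process: open the handle as in the post, fill a region_t array with win_regions(h, regs, n), call first_scan(win_read, h, regs, n, 5000), let the player's gold change, then next_scan(win_read, h, &c, new_value) until one address remains. That address is what the post's dwMoney/dwMoney2 constants were, and it only holds for that build of the game, since a rebuild moves the globals.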