Cheat Engine The Official Site of Cheat Engine
.Murder. Grandmaster Cheater
Reputation: 0
Joined: 28 Nov 2007 Posts: 723
Posted: Mon Jan 21, 2008 6:30 pm Post subject: How WriteProcessMemory works!
I wrote a simple application to overwrite another process's bytes at a certain address, like it says in the title.. it's only basic, was written quickly.
I made a small function, int CheckProcess( char* ProcessName ), which when called returns the process ID of the process name given, much easier than using FindWindow (of which some window names change every time). By the way, char* MakeLower( char* strLower ) is a simple function converting char arrays to lowercase for comparing.
Only uses OpenProcess and WriteProcessMemory for the actual patching.
Basic example for anyone wanting to learn about how WriteProcessMemory works.
Code:
#include "stdafx.h"
#include <iostream>
#include <windows.h>
#include <cstdio>
#include <tlhelp32.h>
#include <stdio.h>
#include <string>
#include <cstring>  // strlen, strcmp
#include <cstdlib>  // malloc, free
#include <cctype>   // tolower
using namespace std;

// Needs an ANSI/multi-byte build (UNICODE undefined): MessageBox and szExeFile are used with char strings.
int CheckProcess( char* ProcessName );
char* MakeLower( char* strLower );

int main(int argc, char* argv[])
{
    cout << "================================" << endl;
    cout << "====== Memory Patcher v1.0 ====" << endl;
    cout << "================================" << endl;
    cout << "=========== .MuRdEr. ===========" << endl;
    cout << "================================" << endl << endl;
    cout << "Notes: " << endl;
    cout << " " << endl;
    cout << " " << endl << endl << endl << endl;
    //get process ID from process name
    int processID = CheckProcess("notepad.exe");
    //Open the process with specified ID
    HANDLE openProc_h = OpenProcess(PROCESS_ALL_ACCESS, FALSE, processID);
    if(!openProc_h)
    {
        //if the process failed to open
        cout << "OpenProcess failed, maybe program crashed or isn't open" << endl << "Process ID: " << processID << endl << endl;
        MessageBox(NULL, "OpenProcess failed, is it open? :O", "error", MB_OK + MB_ICONERROR);
        return 0;
    }
    //Else, process opened - The actual bytes to patch are:
    BYTE bytesToPatch[]={0x39, 0x39, 0x39, 0x39, 0x39, 0x39, 0x39, 0x39};
    DWORD bytesToPatchsize = sizeof(bytesToPatch);
    //(LPVOID)0x01672A70 is the offset to patch.
    if(WriteProcessMemory(openProc_h, (LPVOID)0x01672A70, &bytesToPatch, bytesToPatchsize, NULL))
    {
        cout << "New Bytes Written: ";
        for(int i=0; i < sizeof(bytesToPatch); i++)
        {
            //Show output of the bytes written
            cout << bytesToPatch[i];
        }
        //Show the process ID the bytes were written to
        cout << endl << "Process ID: " << processID << endl << endl;
        MessageBox(NULL, "WriteProcessMemory seemed to write bytes ", "hmmm", MB_OK + MB_ICONINFORMATION);
    }
    else
    {
        cout << "Failed writing, " << endl << "Process ID: " << processID << endl;
        MessageBox(NULL, "WriteProcessMemory failed, correct offset? or maybe it's protected :(", "error", MB_OK + MB_ICONERROR);
    }
    CloseHandle(openProc_h);
    return 0;
}

int CheckProcess( char* ProcessName )
{
    int n_PId=0;
    HANDLE n_NewSnapshot;
    PROCESSENTRY32 procA;
    n_NewSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (n_NewSnapshot==INVALID_HANDLE_VALUE)
    {
        //nothing to close: the snapshot was never created
        return 0;
    }
    //lowercase the wanted name once instead of on every iteration
    char* wanted = MakeLower(ProcessName);
    procA.dwSize = sizeof(procA);
    //Process32First fetches the first entry, Process32Next walks the rest
    BOOL more = Process32First(n_NewSnapshot,&procA);
    while (more && wanted)
    {
        char* current = MakeLower(procA.szExeFile);
        if (current && strcmp(current, wanted) == 0)
        {
            n_PId = procA.th32ProcessID;
        }
        free(current); //MakeLower returns a malloc'd copy
        more = Process32Next(n_NewSnapshot,&procA);
    }
    free(wanted);
    CloseHandle(n_NewSnapshot);
    return n_PId;
}

//Returns a newly allocated lowercase copy; the caller must free() it
char* MakeLower( char* strLower )
{
    size_t size = strlen(strLower);
    //one extra byte for the terminating null
    char *newstr = (char*)malloc(size + 1);
    if (!newstr)
    {
        return NULL;
    }
    for (size_t loop = 0; loop < size; loop++)
    {
        newstr[loop] = (char)tolower((unsigned char)strLower[loop]);
    }
    newstr[size] = '\0';
    return newstr;
}
Dinner Time.
Bye ~
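A defender-side view of the OpenProcess call in the code above, as an added example that is not part of the original post: WriteProcessMemory only needs PROCESS_VM_WRITE and PROCESS_VM_OPERATION on the handle, so this portable C++ code flags process-access events whose granted mask carries both. The `Source=... Target=... GrantedAccess=...` line format, the helper names and the sample events are constructed for illustration.

```cpp
#include <cstdint>
#include <cstdlib>
#include <iostream>
#include <string>
#include <vector>

// Access rights from winnt.h, redefined so this builds without windows.h.
const uint32_t VM_OPERATION = 0x0008;  // PROCESS_VM_OPERATION
const uint32_t VM_WRITE = 0x0020;      // PROCESS_VM_WRITE
const uint32_t WRITE_RIGHTS = VM_OPERATION | VM_WRITE;  // needed by WriteProcessMemory

// Return the value of "key=value" in a space-separated line, or "" if absent.
std::string field(const std::string& line, const std::string& key) {
    const std::string needle = key + "=";
    size_t pos = 0;
    while ((pos = line.find(needle, pos)) != std::string::npos) {
        if (pos == 0 || line[pos - 1] == ' ') {  // match whole keys only
            size_t start = pos + needle.size();
            return line.substr(start, line.find(' ', start) - start);
        }
        ++pos;
    }
    return "";
}
// True when a handle with this mask can be used for WriteProcessMemory.
bool permitsWrite(uint32_t mask) { return (mask & WRITE_RIGHTS) == WRITE_RIGHTS; }
// Rights granted beyond the two a write needs (large for PROCESS_ALL_ACCESS).
uint32_t excessRights(uint32_t mask) { return mask & ~WRITE_RIGHTS; }

// Keep the events where one process holds write-capable access to another.
std::vector<std::string> flagWriters(const std::vector<std::string>& lines) {
    std::vector<std::string> hits;
    for (const std::string& l : lines) {
        std::string granted = field(l, "GrantedAccess");
        if (granted.empty()) continue;  // malformed or unrelated line
        uint32_t mask = (uint32_t)std::strtoul(granted.c_str(), nullptr, 16);
        if (permitsWrite(mask) && field(l, "Source") != field(l, "Target"))
            hits.push_back(l);
    }
    return hits;
}
// Constructed sample events, not real telemetry.
const std::vector<std::string> SAMPLE = {
    "Source=patcher.exe Target=notepad.exe GrantedAccess=0x1F0FFF",
    "Source=viewer.exe Target=notepad.exe GrantedAccess=0x1410",
    "Source=tool.exe Target=notepad.exe GrantedAccess=0x0028",
    "Source=broken line",
};
int main() {
    for (const std::string& l : flagWriters(SAMPLE)) std::cout << "write-capable: " << l << "\n";
}
```

The first and third sample events are flagged; the first also carries every other process right, which is what requesting PROCESS_ALL_ACCESS looks like in such a log.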
the_undead Expert Cheater
Reputation: 1
Joined: 12 Nov 2006 Posts: 235 Location: Johannesburg, South Africa
Posted: Mon Jan 21, 2008 6:44 pm
If I cared enough I'd clean your code up.
.Murder. Grandmaster Cheater
Reputation: 0
Joined: 28 Nov 2007 Posts: 723
Posted: Mon Jan 21, 2008 6:51 pm
the_undead wrote: If I cared enough I'd clean your code up.
Yes well... I did it rapidly.
lurc Grandmaster Cheater Supreme
Reputation: 2
Joined: 13 Nov 2006 Posts: 1900
Posted: Mon Jan 21, 2008 6:57 pm
meh, i cleaned it cuz i am soo bored, and neglecting exam studying
Code:
#include "stdafx.h"
#include <iostream>
#include <windows.h>
#include <cstdio>
#include <tlhelp32.h>
#include <stdio.h>
#include <string>
#include <cstring>  // strlen, strcmp
#include <cstdlib>  // malloc, free
#include <cctype>   // tolower
using namespace std;

// -- Needs an ANSI/multi-byte build (UNICODE undefined): MessageBox and szExeFile are used with char strings.
int CheckProcess( char* ProcessName );
char* MakeLower( char* strLower );

int main(int argc, char* argv[])
{
    cout << "================================" << endl;
    cout << "====== Memory Patcher v1.0 ====" << endl;
    cout << "================================" << endl;
    cout << "=========== .MuRdEr. ===========" << endl;
    cout << "================================" << endl << endl;
    cout << "Notes: " << endl;
    cout << " " << endl;
    cout << " " << endl << endl << endl << endl;
    // -- Get process ID from process name.
    int processID = CheckProcess( "notepad.exe" );
    // -- Open the process with specified ID.
    HANDLE openProc_h = OpenProcess( PROCESS_ALL_ACCESS, FALSE, processID );
    if ( !openProc_h )
    {
        // -- If the process failed to open.
        cout << "OpenProcess failed, maybe program crashed or isn't open" << endl << "Process ID: " << processID << endl << endl;
        MessageBox( NULL,
                    "OpenProcess failed, is it open? :O",
                    "error",
                    MB_OK + MB_ICONERROR );
        return 0;
    }
    // -- Else, process opened - The actual bytes to patch are:
    BYTE bytesToPatch[]={0x39, 0x39, 0x39, 0x39, 0x39, 0x39, 0x39, 0x39};
    DWORD bytesToPatchsize = sizeof( bytesToPatch );
    // -- (LPVOID)0x01672A70 is the offset to patch.
    if ( WriteProcessMemory( openProc_h, (LPVOID)0x01672A70, &bytesToPatch, bytesToPatchsize, NULL ) )
    {
        cout << "New Bytes Written: ";
        for( int i = 0; i < sizeof( bytesToPatch ); i++ )
        {
            // -- Show output of the bytes written.
            cout << bytesToPatch[i];
        }
        // -- Show the process ID the bytes were written to.
        cout << "\nProcess ID: " << processID << endl << endl;
        MessageBox( NULL,
                    "WriteProcessMemory seemed to write bytes ",
                    "hmmm",
                    MB_OK + MB_ICONINFORMATION );
    }
    else
    {
        cout << "Failed writing, " << endl << "Process ID: " << processID << endl;
        MessageBox( NULL,
                    "WriteProcessMemory failed, correct offset? or maybe it's protected :(",
                    "Error",
                    MB_OK + MB_ICONERROR );
    }
    CloseHandle( openProc_h );
    return 0;
}

int CheckProcess( char* ProcessName )
{
    int n_PId=0;
    HANDLE n_NewSnapshot;
    PROCESSENTRY32 procA;
    n_NewSnapshot = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 );
    if ( n_NewSnapshot == INVALID_HANDLE_VALUE )
    {
        // -- Nothing to close: the snapshot was never created.
        return 0;
    }
    // -- Lowercase the wanted name once instead of on every iteration.
    char* wanted = MakeLower( ProcessName );
    procA.dwSize = sizeof( procA );
    // -- Process32First fetches the first entry, Process32Next walks the rest.
    BOOL more = Process32First( n_NewSnapshot, &procA );
    while ( more && wanted )
    {
        char* current = MakeLower( procA.szExeFile );
        if ( current && strcmp( current, wanted ) == 0 )
        {
            n_PId = procA.th32ProcessID;
        }
        free( current ); // -- MakeLower returns a malloc'd copy.
        more = Process32Next( n_NewSnapshot, &procA );
    }
    free( wanted );
    CloseHandle( n_NewSnapshot );
    return n_PId;
}

// -- Returns a newly allocated lowercase copy; the caller must free() it.
char* MakeLower( char* strLower )
{
    size_t size = strlen( strLower );
    // -- One extra byte for the terminating null.
    char *newstr = (char*)malloc( size + 1 );
    if ( !newstr )
    {
        return NULL;
    }
    for ( size_t loop = 0; loop < size; loop++ )
    {
        newstr[loop] = (char)tolower( (unsigned char)strLower[loop] );
    }
    newstr[size] = '\0';
    return newstr;
}
Flyte Peanuts!!!!
Reputation: 6
Joined: 19 Apr 2006 Posts: 1887 Location: Canada
Posted: Mon Jan 21, 2008 7:13 pm
PROTIP: stricmp();
PROTIP: ...what the hell?
Code:
#include <iostream>
...
#include <cstdio>
...
#include <stdio.h>
C != C++
cstdio ~= stdio.h
BruceLee_ How do I cheat?
Reputation: 0
Joined: 21 Jan 2008 Posts: 2 Location: Australia
Posted: Mon Jan 21, 2008 10:24 pm
wow nice
_________________
Knowing yourself takes a lifetime.
Knowing what you do, takes time.
Noz3001 I'm a spammer
Reputation: 26
Joined: 29 May 2006 Posts: 6220 Location: /dev/null
Posted: Tue Jan 22, 2008 6:14 am
That's not how it works.. That's how to use it.
PS. Use better error messages ^^. GetLastError() anyone?
DeletedUser14087 I post too much
Reputation: 2
Joined: 21 Jun 2006 Posts: 3069
Posted: Tue Jan 22, 2008 7:09 am
noz's the leetness !!