WriteProcessMemory, or hex problem?!

 
0wn3d
Posted: Wed Feb 09, 2011 9:23 am

I am working on some sort of Need for Speed trainer, and the first thing I want to do is adjust the player's money by pressing a button. I used the WriteProcessMemory API to write data to the address I want and to its bytes. The address is "01A2CEAC", and it has 4 bytes (so it's a Cardinal). So what I did is poke the value to the address I wrote above, and the money is there, and it works, but the problem is that no matter how I try to put money, I can't put 2000. My "PokeValue" const is $32303030 and when I try it, it doesn't edit my value; when I set my "PokeValue" to $EB, it changes my value of money to 208, I think. Here is the project info:

Code:

{Creating the Need for Speed Most Wanted hack using Cheat Engine and Delphi/ASM}
{   Author   : dn5
   Website   :
   Date   : 8.2(feb).2011
   Email   :
                                 }
                                 
{ PROJECT INFORMATION                   }
*    Game   : NFSMW (Need for Speed Most Wanted)
   Initial   : Need for Speed™ Most Wanted
   Language: Delphi/ASM
   Game l   : C++
   Game v   : 1.3
                                 *
                                 
{ Using:
   - IDA Pro
   - Cheat engine 6.0
   - Delphi
   - OllyDbg
                                 }
                                 
Thanks: Anes_Hame (It's his NFSMW DVD) lol; iC0de, LC and CE users;

_
/Testing memory addresses/
Memory address of user "Halis" for money: 01A2CEAC
                                 Description: Status of money
                                 Pointer      : False
Memory address of user "dn5" for money   : 01A2CEAC
                                 Description: Status of money
                                 Pointer      : False
                                 
                                 SIGNATURE OF MEMORY: Match 100%
                                 SIGNATURE OF MEMORY AFTER RESTART: Match 100%   


As you can see, the address is 01A2CEAC. I did some testing and it is 100% that; no pointers are needed to change the money, as it is always at that address. Can anyone help with why my money isn't changing, or, if it changes, how I can set it to a value of, let's say, 2000? I even tried "IntToHex()" but that also doesn't work (doesn't change the value). I tried to get it working last night but had no success after 5 hours of "coding".

Thanks,
dn5.

EDIT: Here is the code; I found it somewhere on the internet and just edited it.

Code:
unit Unit1;

interface

uses
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
  Dialogs, StdCtrls;

type
  TForm1 = class(TForm)
    Button1: TButton;
    procedure Button1Click(Sender: TObject);
  private
    { Private declarations }
  public
    { Public declarations }
  end;

var
Form1: TForm1;
WindowName:integer;
ProcessId:integer;
ThreadiD:Integer;
buf:PChar;
HandleWindow:integer;
write:cardinal;

Const
WindowTitle = 'Need for Speed™ Most Wanted';
Address = $01A2CEAC;
PokeValue = $EB; //$EB;
NumberOfBytes = 4;

implementation

{$R *.dfm}

procedure WriteMoney2();
begin
WindowName := FindWindow(nil, WindowTitle);
If WindowName = 0 then
   begin
     showmessage('must run the game');
     Exit; // no game window found, so there is no process to open
  end;
ThreadID := GetWindowThreadProcessId(Windowname, @ProcessID);
HandleWindow := OpenProcess(PROCESS_ALL_ACCESS, False, ProcessId);
GetMem(buf, 1);
buf^:= Chr(PokeValue);
WriteProcessMemory(HandleWindow, ptr(Address), Ptr(2000), NumberOfBytes, write);
FreeMem(buf);
CloseHandle(HandleWindow);
end;

procedure TForm1.Button1Click(Sender: TObject);
begin
WriteMoney2;
end;

end.


EDIT2:
When I try with Cheat Engine and change the same address value to, like, "2000", it works; my way doesn't.
Dark Byte
Posted: Wed Feb 09, 2011 9:36 am

I doubt that address 2000 is readable... (the first 4KB of a process is usually unreadable)

anyhow, try:
var myvalue: dword;
....
myvalue:=2000;
WriteProcessMemory(HandleWindow, pointer(Address), @myvalue, 4, write);

_________________
Do not ask me about online cheats. I don't know any and won't help finding them.

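Why the original call wrote nothing, as an added illustration (not code from any poster in this thread): a toy model in which the third argument of WriteProcessMemory is treated as what it is, an address inside the caller's own memory. The region layout and the addresses of the caller's variables are constructed assumptions; the target address is the one quoted in the thread.

```python
import struct

class AddressSpace:
    """Toy address space: {base address: bytearray} regions (constructed model)."""
    def __init__(self, regions):
        self.regions = regions

    def _locate(self, addr, size):
        for base, data in self.regions.items():
            if base <= addr and addr + size <= base + len(data):
                return data, addr - base
        return None                      # unmapped, like the first 4 KB of a process

    def read(self, addr, size):
        hit = self._locate(addr, size)
        return None if hit is None else bytes(hit[0][hit[1]:hit[1] + size])

    def write(self, addr, payload):
        hit = self._locate(addr, len(payload))
        if hit is None:
            return False
        hit[0][hit[1]:hit[1] + len(payload)] = payload
        return True

def write_process_memory(caller, target, base_address, buffer_address, size):
    """Model of the call's contract: buffer_address is a pointer into the caller."""
    payload = caller.read(buffer_address, size)
    if payload is None or not target.write(base_address, payload):
        return 0                         # number of bytes written
    return size

MONEY = 0x01A2CEAC                       # target address quoted in the thread
MYVALUE = 0x0012FF00                     # assumed address of a variable holding 2000
MYCONST = 0x0012FF04                     # assumed address of a variable holding $32303030

def run_attempts():
    target = AddressSpace({0x01A2C000: bytearray(0x1000)})
    caller = AddressSpace({0x0012FF00: bytearray(struct.pack("<II", 2000, 0x32303030))})
    money = lambda: struct.unpack("<I", target.read(MONEY, 4))[0]
    results = {}
    for label, src in (("Ptr(2000)", 2000), ("@myvalue", MYVALUE), ("@$32303030", MYCONST)):
        written = write_process_memory(caller, target, MONEY, src, 4)
        results[label] = (written, money())   # (bytes written, value the target now reads)
    return results
```

The last entry is the "hex problem" from the thread title: $32303030 is the ASCII text "2000" used as a number, so the target reads 842018864 rather than 2000.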
0wn3d
Posted: Thu Feb 10, 2011 2:25 pm

I resolved it. If you wonder how, then this is the secret. I didn't have all privileges of the process, so I set my application to get all privileges like this:

Code:
procedure SetPrivilege;
var
  OldTokenPrivileges, TokenPrivileges: TTokenPrivileges;
  ReturnLength: dword;
  hToken: THandle;
  Luid: int64;
begin
  // TOKEN_QUERY is required as well, because the first call below asks for the previous state
  if not OpenProcessToken(GetCurrentProcess, TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, hToken) then
    Exit;
  try
    if not LookupPrivilegeValue(nil, 'SeDebugPrivilege', Luid) then
      Exit;
    // First call: pass the privilege with no attributes and collect the previous state
    TokenPrivileges.Privileges[0].luid := Luid;
    TokenPrivileges.PrivilegeCount := 1;
    TokenPrivileges.Privileges[0].Attributes := 0;
    AdjustTokenPrivileges(hToken, False, TokenPrivileges, SizeOf(TTokenPrivileges), OldTokenPrivileges, ReturnLength);
    // Second call: enable SeDebugPrivilege on this process's token
    OldTokenPrivileges.Privileges[0].luid := Luid;
    OldTokenPrivileges.PrivilegeCount := 1;
    OldTokenPrivileges.Privileges[0].Attributes := TokenPrivileges.Privileges[0].Attributes or SE_PRIVILEGE_ENABLED;
    AdjustTokenPrivileges(hToken, False, OldTokenPrivileges, ReturnLength, PTokenPrivileges(nil)^, ReturnLength);
  finally
    CloseHandle(hToken); // release the token handle
  end;
end;


Using this code you can give your application the power to inject some code into the actual process. Just call "SetPrivilege();" and that's it.

The second way is simpler and not as advanced as the first one.
Code:
// Thanks: Departure
// Assumed here: pAddress: Pointer, Bytes is a static array of Byte, dwProtect: DWORD
  if VirtualProtect(pAddress, SizeOf(Bytes), PAGE_EXECUTE_READWRITE, @dwProtect) then
   begin
  // Write the new bytes to the address; Length(Bytes) is the number of bytes to be written
    Move(Bytes, pAddress^, Length(Bytes));
  // Restore the original protection on the section we have just written to
    VirtualProtect(pAddress, SizeOf(Bytes), dwProtect, @dwProtect);
   end;


As you can see, the VirtualProtect API will change the protection of memory so you can write actual data to the protected address. Look up MSDN (can't post URL) for more information.

And about the second example, the game needs to allow injecting a hack DLL into its process, else it won't work.
Hope it helps someone.

Thanks!
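Seen from the monitoring side, the OpenProcess(PROCESS_ALL_ACCESS, ...) call used in this thread shows up as the access mask granted on the process handle. The following is an added example, not code from any poster: it decodes such masks and flags handles that carry the two rights WriteProcessMemory needs (PROCESS_VM_WRITE and PROCESS_VM_OPERATION). The records, paths and allowlist are constructed, and the field names (SourceImage, TargetImage, GrantedAccess) are an assumption modelled on Sysmon's ProcessAccess event.

```python
# Process access rights as defined in the Windows SDK (winnt.h).
RIGHTS = {
    0x0002: "PROCESS_CREATE_THREAD",
    0x0008: "PROCESS_VM_OPERATION",
    0x0010: "PROCESS_VM_READ",
    0x0020: "PROCESS_VM_WRITE",
    0x0040: "PROCESS_DUP_HANDLE",
    0x0400: "PROCESS_QUERY_INFORMATION",
    0x1000: "PROCESS_QUERY_LIMITED_INFORMATION",
}
PROCESS_ALL_ACCESS = (0x1F0FFF, 0x1FFFFF)   # pre-Vista and Vista+ definitions
WRITE_NEEDS = 0x0008 | 0x0020               # rights WriteProcessMemory requires

def decode(mask):
    """Return the names of the known rights set in an access mask, lowest bit first."""
    return [name for bit, name in sorted(RIGHTS.items()) if mask & bit]

def triage(events, allowlist=()):
    """Flag handle opens that are sufficient to write into another process."""
    findings = []
    for ev in events:
        mask = int(ev["GrantedAccess"], 16)
        if mask & WRITE_NEEDS != WRITE_NEEDS:
            continue                         # handle cannot be used for a remote write
        if ev["SourceImage"].lower() in allowlist:
            continue                         # known debugger, EDR agent, etc.
        if mask in PROCESS_ALL_ACCESS:
            reason = "PROCESS_ALL_ACCESS"    # broader than a memory write needs
        else:
            reason = "+".join(decode(mask & WRITE_NEEDS))
        findings.append((ev["SourceImage"], ev["TargetImage"], reason))
    return findings

# Constructed sample records (not real telemetry).
SAMPLE_EVENTS = [
    {"SourceImage": r"C:\Tools\trainer.exe", "TargetImage": r"C:\Games\speed.exe",
     "GrantedAccess": "0x1FFFFF"},
    {"SourceImage": r"C:\Windows\System32\taskmgr.exe", "TargetImage": r"C:\Games\speed.exe",
     "GrantedAccess": "0x1410"},
    {"SourceImage": r"C:\Tools\patcher.exe", "TargetImage": r"C:\Games\speed.exe",
     "GrantedAccess": "0x0028"},
]
```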