Your First Game Hack - Part II


Shreyas
23-04-08, 12:56 PM
Objectives:
In this tutorial you will learn how to make a VB.NET application to hack a game's memory. In this case 3D Pinball's memory. This hack will modify 3D Pinball's score.

Requirements:
* 3D Pinball Game (Pre-installed with Windows XP)
* Any VB.NET version. You can download it from microsoft.com
* Basic VB.NET knowledge. You can get some video tutorials on microsoft.com.

Procedure:
* Start a new Console Application in VB.NET (I do not recommend a Windows Forms Application as it tends to use more memory).
* Add a new class named Trainer.vb.
* Put the following code in the class:

'Win32 API declarations used by the trainer
Public Declare Function GetWindowThreadProcessId Lib "User32" (ByVal hwnd As Integer, ByRef lpdwProcessId As Integer) As Integer
Public Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Integer, ByVal bInheritHandle As Integer, ByVal dwProcessId As Integer) As Integer
Public Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Integer) As Integer
Public Declare Function FindWindow Lib "User32" Alias "FindWindowA" (ByVal Classname As String, ByVal WindowName As String) As Integer
'For Reading and Writing Process Memory
Public Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Integer, ByVal lpBaseAddress As Integer, ByRef lpBuffer As Integer, ByVal nSize As Integer, ByRef lpNumberOfBytesWritten As Integer) As Integer
Public Declare Function ReadProcessMemory Lib "kernel32" Alias "ReadProcessMemory" (ByVal hProcess As Integer, ByVal lpBaseAddress As Integer, ByRef lpBuffer As Integer, ByVal nSize As Integer, ByRef lpNumberOfBytesWritten As Integer) As Integer
'Disable Memory Protection (not needed for this tutorial, left commented out)
'Public Declare Function VirtualProtectEx Lib "kernel32" (ByVal hProcess As Integer, ByRef lpAddress As Object, ByVal dwSize As Integer, ByVal flNewProtect As Integer, ByRef lpflOldProtect As Integer) As Integer

Const PROCESS_ALL_ACCESS = &H1F0FFF
Dim value As Single

'Process handle is kept as Integer to match the OpenProcess/CloseHandle declarations above
Dim _ProcessName As String, _processHandle As Integer

Property ProcessName() As String
Get
Return _ProcessName
End Get
Set(ByVal value As String)
_ProcessName = value
End Set
End Property

Sub New(ByVal processName As String)
_ProcessName = processName
End Sub

'Finds the target process by name and opens a handle to it.
'Overloads the declared OpenProcess API (different parameter list), so the
'call inside resolves to the Win32 function.
Function OpenProcess() As Boolean
Dim myProcesses As Process() = Process.GetProcessesByName(_ProcessName)
If myProcesses.Length = 0 Then
'Optional Stuff Goes Here...like Label displaying some kind of text
Return False
End If

_processHandle = OpenProcess(PROCESS_ALL_ACCESS, 0, myProcesses(0).Id)
If _processHandle = 0 Then
'Optional Stuff Goes Here...like Label displaying some kind of text
Return False
End If
Return True
End Function

'Reads a Single from the open process (caller must have called OpenProcess first)
Function GetValue(ByVal offset As Integer) As Single

ReadProcessMemory(_processHandle, offset, value, 1, 0)
Return value

End Function

'Writes a Single (4 bytes) to the open process
Sub SetValue(ByVal offset As Integer, ByVal value As Single)

WriteProcessMemory(_processHandle, offset, value, 4, 4)

End Sub

Sub closeProcess()

If _processHandle <> 0 Then CloseHandle(_processHandle)

End Sub

'Opens the process, reads one byte into an Integer, closes the handle, returns the value
Function GetSValue(ByVal offset As Integer) As Integer

If OpenProcess() = False Then Exit Function
Dim value As Integer
ReadProcessMemory(_processHandle, offset, value, 1, 0)
'Close the handle before returning, otherwise it leaks
closeProcess()
Return value

End Function

'Opens the process, writes one byte (nSize = 1) of the Integer, closes the handle
Sub SetSValue(ByVal offset As Integer, ByVal value As Integer)

If OpenProcess() = False Then Exit Sub
WriteProcessMemory(_processHandle, offset, value, 1, 1)
closeProcess()

End Sub

* In the Console Application's Main Sub, add the code:

Dim trnr As New Trainer("PINBALL")
trnr.SetSValue(&HA40C62, 123456)

* The value after &H is the value you found in Part 1. 123456 is the score you want to set, you can change it to the score you want. Change the value after &H to the value you get in Part 1.

Conclusion:
You have succeeded in making a game trainer! To use this, start playing pinball, and then run your application.

Exercise:
Try to make a trainer (to edit runs) for Cricket 07.

Neo95
24-04-08, 12:18 AM
Good tut there Shreyas, props to you.

Oj_RuLeS
24-04-08, 11:08 AM
Mann you're a genius Shreyas :D

Hitterman
24-04-08, 07:31 PM
Thanks for this, but I need to learn some more basics ;)

halogen19
11-05-08, 09:14 PM
You're wrong. You're doing it all wrong. You shouldn't be camouflaging the real Writeprocessmemory API, because that way you can't control the number of bytes. And never will you be able to do advanced stuff.

Shreyas
11-05-08, 09:23 PM
You're wrong. You're doing it all wrong. You shouldn't be camouflaging the real Writeprocessmemory API, because that way you can't control the number of bytes. And never will you be able to do advanced stuff.

---- ByRef lpNumberOfBytesWritten As Integer ----
You can control the number of bytes to write. And BTW, there is no need of aliases as no other function shares the same name.

halogen19
11-05-08, 09:56 PM
Yes. But look at your SetValue function. You're setting the nSize as 1 by default, so practically someone can't write more than 1 byte unless you put it in the function API too.

Hitterman
11-05-08, 10:00 PM
If we use the API function it may also increase some file size.

halogen19
11-05-08, 10:33 PM
If we use the API function it may also increase some file size.
What on earth are you talking about?

Shreyas
12-05-08, 12:54 AM
Yes. But look at your SetValue function. You're setting the nSize as 1 by default, so practically someone can't write more than 1 byte unless you put it in the function API too.

I know that. But I made this class for this and some other projects which require only one byte to be written.

halogen19
12-05-08, 12:51 PM
I know that. But I made this class for this and some other projects which require only one byte to be written.
Yes, but if someone tries to make a trainer using the same code for writing a value above 255 he will fail, without knowing where.
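
The truncation halogen19 describes above can be shown without touching any process at all. The following is an added example, not code from the thread or from any Win32 library: it models process memory as a plain byte buffer and mimics the WriteProcessMemory/ReadProcessMemory calls as the class declares them (an Integer buffer passed ByRef, of which only nSize bytes are copied). The offset, the starting score and the buffer size are constructed for the demo and are not real 3D Pinball addresses.

```python
import struct

# Constructed offset inside the toy buffer; not a real game address.
SCORE_OFFSET = 0x10


def make_memory(initial_score: int, size: int = 32) -> bytearray:
    """Build a zeroed buffer holding a 4-byte little-endian score at SCORE_OFFSET."""
    mem = bytearray(size)
    mem[SCORE_OFFSET:SCORE_OFFSET + 4] = struct.pack("<I", initial_score)
    return mem


def write_process_memory(mem: bytearray, address: int, value: int, n_size: int) -> int:
    """Model of WriteProcessMemory(hProcess, lpBaseAddress, ByRef lpBuffer As Integer, nSize, ...).

    The ByRef Integer buffer is its 4-byte little-endian encoding; only the first
    n_size bytes are copied into memory. Returns lpNumberOfBytesWritten.
    """
    if not 1 <= n_size <= 4:
        raise ValueError("an Integer buffer holds 4 bytes; nSize must be 1..4")
    buf = struct.pack("<I", value & 0xFFFFFFFF)
    mem[address:address + n_size] = buf[:n_size]
    return n_size


def read_process_memory(mem: bytearray, address: int, n_size: int) -> int:
    """Model of ReadProcessMemory into a ByRef Integer: n_size bytes land in the low
    bytes of a zeroed 4-byte buffer, the rest stay zero."""
    if not 1 <= n_size <= 4:
        raise ValueError("nSize must be 1..4")
    buf = bytearray(4)
    buf[:n_size] = mem[address:address + n_size]
    return struct.unpack("<I", bytes(buf))[0]


def set_svalue(mem: bytearray, offset: int, value: int) -> int:
    """What the thread's SetSValue does: nSize fixed at 1."""
    return write_process_memory(mem, offset, value, 1)


def get_svalue(mem: bytearray, offset: int) -> int:
    """What the thread's GetSValue does: reads only 1 byte."""
    return read_process_memory(mem, offset, 1)


def set_value_full(mem: bytearray, offset: int, value: int) -> int:
    """The same write with nSize = 4, i.e. the whole Integer."""
    return write_process_memory(mem, offset, value, 4)


def demo() -> dict:
    """Write 123456 over an existing score of 7000 both ways and read back 4 bytes."""
    truncated = make_memory(7000)
    set_svalue(truncated, SCORE_OFFSET, 123456)          # only 0x40 is written
    full = make_memory(7000)
    set_value_full(full, SCORE_OFFSET, 123456)           # 40 E2 01 00 is written
    return {
        "after_nsize_1": read_process_memory(truncated, SCORE_OFFSET, 4),  # 6976
        "after_nsize_4": read_process_memory(full, SCORE_OFFSET, 4),       # 123456
        "getsvalue_of_full": get_svalue(full, SCORE_OFFSET),               # 64
    }


if __name__ == "__main__":
    for name, score in demo().items():
        print(f"{name}: {score}")
```

With nSize = 1 only the low byte 0x40 of 123456 (0x0001E240) replaces the low byte of the old score 0x00001B58, so memory now reads 0x00001B40 = 6976 instead of 123456, and the call still reports success with 1 byte written. Reading a multi-byte score with a 1-byte ReadProcessMemory has the mirror problem: GetSValue on the correctly written 123456 returns just 64. Any value above 255 fails silently this way, which is the "he will fail, without knowing where" case.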

Hitterman
12-05-08, 01:18 PM
I got everything correct with this method. Try it yourself, dude; if you get any problems, report to Shreyas ;)

halogen19
12-05-08, 01:24 PM
I got everything correct with this method. Try it yourself, dude; if you get any problems, report to Shreyas ;)
You seem to be thinking I am a noob. But let me tell you, I have 8 years of experience in VB.NET and I know much more than you. It's reflected by the fact that you don't even know the problem I am talking about. Shreyas understands it, and I am sure he'll correct the class to repair it.

Hitterman
12-05-08, 01:33 PM
I don't know much VB.NET, I only know C++ :cool:

Hitterman
12-05-08, 01:35 PM
EDIT: Dude, if you know this much, why don't you code an application or write a tutorial? Many users say things like this and they don't know anything :p

Shreyas
12-05-08, 04:14 PM
Yes, but if someone tries to make a trainer using the same code for writing a value above 255 he will fail, without knowing where.

If you look at the class closely you will see that every procedure writes a different number of bytes. I made that class for my project Gameplay07 for Cricket 07. But I will edit the class :cheers:

halogen19
15-05-08, 04:48 PM
EDIT: Dude, if you know this much, why don't you code an application or write a tutorial? Many users say things like this and they don't know anything :p
I've been on PC too and I am not one of those idiots like a member called HBK. Used to claim so much but did nothing. Such a stupid idiot.

Coding an application takes seconds; the point is what to code. I haven't found any game recently worthwhile of making a trainer for, and I don't have the time to write a tutorial.

Hitterman
15-05-08, 05:07 PM
What's your PC id, dude ;)? Can you make a trainer for Cricket 2005 for me :)?

fandargo
21-10-08, 04:21 AM
Hi to everyone!
The tutorial works for games that use the same address every time..
But what about when you run a game that changes the address each time?
Is there something you can do?

Hitterman
21-10-08, 03:11 PM
Too weird. I think the address which is responsible for it always remains constant. How can it change? If it weren't constant then it would be impossible to make a trainer for the game.

Can you tell me which game you tried this for?