
Solved

WriteProcessMemory, ReadProcessMemory and Key Capture

Posted on 1999-07-19
10
Medium Priority
387 Views
Last Modified: 2010-04-06
Hi,
I am trying to figure out how to make 'Trainers' for games.
This is where you push a button, say F12, and it will modify the health to 100, then it will keep it on 100 by using a timer to read the memory, check if it's 100, and if not then change it back to 100 again.

I know the API calls for changing the memory are WriteProcessMemory and ReadProcessMemory but I have no idea how to use these, or even how to declare them.

Also I need to know how to capture key presses when the trainer isn't the active program, specifically the F1-F12 keys.

The only way I will have of finding the program is the location of the exe file, and the text in the tasklist (CTRL-ALT-DEL), so if I need a process ID, the code needs to work that out.

If someone can give me some sample code for all of this, 150 points are coming your way :)

Please please please help..

I already know how to find the memory location using SoftICE, so that's not a problem.
0
10 Comments
 
LVL 1

Expert Comment

by:Smilly
ID: 1389551
Listening....
0
 
LVL 20

Expert Comment

by:Madshi
ID: 1389552
Which Delphi version do you have?
0
 
LVL 1

Author Comment

by:plasmatek
ID: 1389553
I have Delphi 4 Client/Server Edition
0
 
LVL 20

Expert Comment

by:Madshi
ID: 1389554
Then you can download the free unit "enumStuff" from my homepage "http://beam.to/madshi" (it works only for D4).
With this unit you can do something like this:

function ReadNotepadMemory(addr: pointer; len: cardinal; var buf) : boolean;
var pl    : TProcessList;
    i1    : integer;
    c1,c2 : cardinal;
begin
  result:=false;
  pl:=GetProcessList;   // enumStuff: list of running processes with name and pid
  for i1:=0 to high(pl) do
    if pos('NOTEPAD.EXE',UpperCase(pl[i1].name))>0 then begin
      // reading only needs PROCESS_VM_READ (plus query rights for the handle)
      c1:=OpenProcess(PROCESS_QUERY_INFORMATION or PROCESS_VM_READ,false,pl[i1].pid);
      if c1<>0 then
        try
          // c2 receives the number of bytes actually read; require the full length
          result:=ReadProcessMemory(c1,addr,@buf,len,c2) and (c2=len);
          exit;
        finally CloseHandle(c1) end;   // handle is closed even on the early exit
    end;
end;

But it is of course YOUR problem from WHICH address you want to read in the memory/address context of, e.g., notepad.

Regards, Madshi.
0
 
LVL 1

Author Comment

by:plasmatek
ID: 1389555
This doesn't answer the question. It is something different.

OK, here is an example.
Download this small game 900kb - http://spgames.thehellhole.com/games/spmario.zip

- I have found out these addresses in the memory:
0x41D272 - Lives
0x41D282 - Coins

How would I make it so that when I press F6 for example, it will change the lives to 100, and when I press F5 it will change the coins to 50?

Remember, all I know is the exename - SPMario.exe, which is running before or after the trainer is started.

0
 
LVL 20

Expert Comment

by:Madshi
ID: 1389556
Well, my answer *IS* what you need. Simply do a few changes:

function ManipulateSPMario(lives, coins: integer) : boolean;
var pl    : TProcessList;
    i1    : integer;
    c1,c2 : cardinal;
begin
  result:=false;
  pl:=GetProcessList;   // enumStuff: list of running processes with name and pid
  for i1:=0 to high(pl) do
    if pos('SPMARIO.EXE',UpperCase(pl[i1].name))>0 then begin
      // writing needs PROCESS_VM_WRITE and PROCESS_VM_OPERATION; PROCESS_VM_READ alone
      // gets a handle that WriteProcessMemory will refuse with ERROR_ACCESS_DENIED
      c1:=OpenProcess(PROCESS_QUERY_INFORMATION or PROCESS_VM_OPERATION or PROCESS_VM_WRITE,
                      false,pl[i1].pid);
      if c1<>0 then
        try
          // lpBaseAddress is a pointer parameter, so the raw address must be cast;
          // c2 receives the number of bytes written and must equal the 4 requested
          result:=WriteProcessMemory(c1,pointer($41D272),@lives,4,c2) and (c2=4) and
                  WriteProcessMemory(c1,pointer($41D282),@coins,4,c2) and (c2=4);
          exit;
        finally CloseHandle(c1) end;   // handle is closed even on the early exit
    end;
end;

That's it!! Well, you didn't tell me whether the lives & coins variables are 4 bytes long or less. If they are shorter, you'll need to do some minor changes.

Regards, Madshi.
0
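As an added example (not Madshi's enumStuff code and not from the original thread), the same two steps done with the documented Toolhelp32 API that Delphi exposes in its TlHelp32 unit: the PID lookup by executable name that the question asks for, and a write that requests only the access rights WriteProcessMemory needs and then reads the value back to confirm it landed. The names FindPidByExeName and WriteDword, and the assumption that TlHelp32 is available in Delphi 4, are mine.

```pascal
uses Windows, SysUtils, TlHelp32;  // TlHelp32 ships with Delphi 3+ (assumed available in D4)

// PID of the first process whose image name equals ExeName (case-insensitive); 0 if none.
function FindPidByExeName(const ExeName: string): DWORD;
var
  Snap: THandle;
  Pe: TProcessEntry32;
begin
  Result := 0;
  Snap := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
  if Snap = INVALID_HANDLE_VALUE then Exit;
  try
    Pe.dwSize := SizeOf(Pe);   // Toolhelp refuses the call unless dwSize is filled in
    if Process32First(Snap, Pe) then
      repeat
        // Win9x may report a full path here, so compare the file name part only
        if CompareText(ExtractFileName(Pe.szExeFile), ExeName) = 0 then
        begin
          Result := Pe.th32ProcessID;
          Exit;
        end;
      until not Process32Next(Snap, Pe);
  finally
    CloseHandle(Snap);
  end;
end;

// Write one 4-byte value and read it back to confirm it landed. WriteProcessMemory
// needs PROCESS_VM_WRITE and PROCESS_VM_OPERATION; the read-back adds PROCESS_VM_READ.
// Nothing else is requested, so a rights problem shows up as a 0 handle, not later.
function WriteDword(Pid: DWORD; Addr: Pointer; Value: DWORD): Boolean;
var
  h: THandle;
  n, Check: DWORD;
begin
  Result := False;
  if Pid = 0 then Exit;
  h := OpenProcess(PROCESS_VM_WRITE or PROCESS_VM_OPERATION or PROCESS_VM_READ, False, Pid);
  if h = 0 then Exit;
  try
    Result := WriteProcessMemory(h, Addr, @Value, SizeOf(Value), n) and (n = SizeOf(Value))
      and ReadProcessMemory(h, Addr, @Check, SizeOf(Check), n) and (Check = Value);
  finally
    CloseHandle(h);
  end;
end;

// Example call for the addresses given in the thread (assumes the value is 4 bytes wide):
//   WriteDword(FindPidByExeName('SPMario.exe'), Pointer($41D272), 100);
```

Toolhelp32 is absent on Windows NT 4, where PSAPI's EnumProcesses is the equivalent. A cross-process handle opened with write rights is the same access pattern host-based monitoring treats as an injection indicator, so the OpenProcess call above is the one a defender would log and alert on.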
 
LVL 1

Author Comment

by:plasmatek
ID: 1389557
Thanks, I will try it out later. If it works you get the points :)
0
 
LVL 1

Author Comment

by:plasmatek
ID: 1389558
OK, it basically works with a few modifications. Add another answer so that I can accept it.
0
 
LVL 20

Accepted Solution

by: Madshi earned 450 total points
ID: 1389559
Here comes the answer - thanx for the points...  :-)
0
 
LVL 1

Author Comment

by:plasmatek
ID: 1389560
thanks
0
