#1 Dwar

    [Delphi] Creating a Simple Game Trainer

    Creating a Game Trainer in Delphi


    A slightly old article about writing a simple trainer in Delphi (modifying the memory of a selected process).


    In this tutorial, I'm going to outline all the basic API and code necessary to create a trainer in Delphi. A basic knowledge of Delphi is preferred, but Delphi's a damn easy language to learn anyway.

    The Concept
    Okay, this is what we want the trainer to do. We run the game, and then [alt][tab] out to Windows. We run the trainer, and press a button. This action will poke a value into a certain memory address of the game. So if we know the memory address of the money in a game, we can hack the money using this trainer.

    To make a trainer, here are the basic things we need.

    The Game's Window Title: Run the game, and then alt-tab out to Windows. Look at the taskbar for your game, and write down the exact window title.

    The Memory Address (in hex): Using a program like ArtMoney or Cheat Engine, we can do a search for any value and find the memory address. An example address in hex form is 41D090. Write the address down somewhere.

    A Value To Poke (in hex): So we have the memory address. What value do we want to poke into it? Let's say I want 50 gold, so first, I must convert 50 into hex form using a hex converter. The converter says 32, so write this number down also.

    Number Of Bytes: In the value to poke that you wrote down above, you must also know how many bytes this will take up in memory. For example, 32 will take up only 1 byte, but FF07 will take up two bytes. In general, two digits take up one byte.

    Let's Start The Coding
    We are going to use the Win32 API to poke values into the memory of another process. Here are the functions we'll be using, in the correct order:
    • FindWindow
    • GetWindowThreadProcessId
    • OpenProcess
    • ReadProcessMemory
    • WriteProcessMemory
    • CloseHandle


    [Read up on these API functions in the Win32.hlp file for full details. I will only go through the basics so that beginners can just copy and paste the code in this tutorial]

    The coding begins. First we declare our variables. Copy and paste these into your code:
    var
      WindowName: HWND;        // handle of the game's main window
      ProcessId: DWORD;
      ThreadId: DWORD;
      buf: Pointer;            // buffer holding the bytes to poke
      HandleWindow: THandle;   // handle of the game process
      write: Cardinal;         // number of bytes actually written

    Time to declare all the important stuff. Copy and paste the following into the same area of the code. Set up the following variables to what you have written down earlier.
    const
      WindowTitle = 'prog test';
      Address = $41D090;
      PokeValue = $32;
      NumberOfBytes = 1;

    Now to poke a value, you must get the handle of the memory of the game. There is no direct way to do this, so here's what we do.

    1) Get the main window's handle.
    2) With the handle, get the process identifier.
    3) With the pID, get the handle of the memory area.
    4) With this handle, we can start hacking!

    First, we need to get the handle of the main window of the game. Use the FindWindow function like this:
    WindowName := FindWindow(nil, WindowTitle);
    if WindowName = 0 then
    begin
      MessageDlg('The game must be running in the background. ' +
        'Run it now, and then try again.', mtWarning, [mbOK], 0);
      Exit;   // stop here: the rest would run with a zero handle
    end;

    Notice that the code checks whether WindowName is zero. If it is, it means the game is not running, so we warn the user and tell him to run the damn game now!

    Next, we need the window's process identifier. We use the GetWindowThreadProcessId function for this. Then we get the handle of the memory area using OpenProcess. Copy the code below.
    ThreadId := GetWindowThreadProcessId(WindowName, @ProcessId);
    // PROCESS_VM_WRITE and PROCESS_VM_OPERATION are all a write needs; ALL_ACCESS is the broadest choice
    HandleWindow := OpenProcess(PROCESS_ALL_ACCESS, False, ProcessId);
    if HandleWindow = 0 then
      Exit;   // could not open the process (e.g. insufficient rights)

    That's it! Now we can use WriteProcessMemory to hack into the handle. Once we're done, we close the handle, just to be safe. Copy the code below.
    GetMem(buf, SizeOf(Cardinal));   // room for up to 4 bytes, not just 1
    PCardinal(buf)^ := PokeValue;    // little-endian: the low NumberOfBytes bytes get written
    if not WriteProcessMemory(HandleWindow, Ptr(Address), buf, NumberOfBytes, write) then
      MessageDlg('WriteProcessMemory failed.', mtError, [mbOK], 0);
    FreeMem(buf);
    CloseHandle(HandleWindow);

    Below is the source code for the entire trainer. For beginner programmers, to make a fast trainer, all you have to do is change the constants declared in the beginning of the code.
    var
      WindowName: HWND;        // handle of the game's main window
      ProcessId: DWORD;
      ThreadId: DWORD;
      buf: Pointer;            // buffer holding the bytes to poke
      HandleWindow: THandle;   // handle of the game process
      write: Cardinal;         // number of bytes actually written

    const
      WindowTitle = 'prog test';
      Address = $41D090;
      PokeValue = $32;
      NumberOfBytes = 1;

    ###########################################################
    # (Put the following code inside a command button routine)#
    ###########################################################
    begin
      WindowName := FindWindow(nil, WindowTitle);
      if WindowName = 0 then
      begin
        MessageDlg('The game must be running in the background. ' +
          'Run it now, and then try again.', mtWarning, [mbOK], 0);
        Exit;   // stop here: the rest would run with a zero handle
      end;

      ThreadId := GetWindowThreadProcessId(WindowName, @ProcessId);
      // PROCESS_VM_WRITE and PROCESS_VM_OPERATION are all a write needs; ALL_ACCESS is the broadest choice
      HandleWindow := OpenProcess(PROCESS_ALL_ACCESS, False, ProcessId);
      if HandleWindow = 0 then
      begin
        MessageDlg('Could not open the game process.', mtError, [mbOK], 0);
        Exit;
      end;

      GetMem(buf, SizeOf(Cardinal));   // room for up to 4 bytes, not just 1
      PCardinal(buf)^ := PokeValue;    // little-endian: the low NumberOfBytes bytes get written
      if not WriteProcessMemory(HandleWindow, Ptr(Address), buf, NumberOfBytes, write) then
        MessageDlg('WriteProcessMemory failed.', mtError, [mbOK], 0);
      FreeMem(buf);
      CloseHandle(HandleWindow);
    end;
    Please, post your questions on forum, not by PM or mail

    I spend my time, so please pay a little bit of your time to keep world in equilibrium
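    The same FindWindow / GetWindowThreadProcessId / OpenProcess / WriteProcessMemory / CloseHandle sequence as a reusable function, added here as an example that is not part of Dwar's post. It opens the process with only the rights a read and a write need, checks every return value, and uses ReadProcessMemory (listed in the post but never called) to read the old bytes first and to verify the write. Function and parameter names are my own; it needs the Windows and SysUtils units.

    ```pascal
    { Pokes the low NumberOfBytes (1..4) bytes of Value into Address inside the
      process that owns the window WindowTitle, then reads them back.
      Returns True only if the read-back matches; Err describes any failure.
      Needs: uses Windows, SysUtils. }
    function PokeProcessValue(const WindowTitle: string; Address, Value,
      NumberOfBytes: Cardinal; out Err: string): Boolean;
    var
      Wnd: HWND;
      Pid: DWORD;
      Proc: THandle;
      Old, Check: Cardinal;
      Done: DWORD;
    begin
      Result := False;
      Old := 0;
      Check := 0;
      if (NumberOfBytes < 1) or (NumberOfBytes > SizeOf(Value)) then
      begin Err := 'NumberOfBytes must be 1..4'; Exit; end;
      Wnd := FindWindow(nil, PChar(WindowTitle));
      if Wnd = 0 then
      begin Err := 'Window not found: is the game running?'; Exit; end;
      GetWindowThreadProcessId(Wnd, @Pid);
      // Request only the rights a read and a write need, not PROCESS_ALL_ACCESS.
      Proc := OpenProcess(PROCESS_VM_READ or PROCESS_VM_WRITE or PROCESS_VM_OPERATION,
        False, Pid);
      if Proc = 0 then
      begin Err := 'OpenProcess failed: ' + SysErrorMessage(GetLastError); Exit; end;
      try
        // Reading first catches a wrong or unmapped address before anything changes.
        if not ReadProcessMemory(Proc, Ptr(Address), @Old, NumberOfBytes, Done) then
          Err := 'ReadProcessMemory failed: ' + SysErrorMessage(GetLastError)
        // x86 is little-endian, so @Value points at the low byte of the value.
        else if not WriteProcessMemory(Proc, Ptr(Address), @Value, NumberOfBytes, Done) then
          Err := 'WriteProcessMemory failed: ' + SysErrorMessage(GetLastError)
        else
        begin
          // Verify by reading back exactly the bytes that were written.
          ReadProcessMemory(Proc, Ptr(Address), @Check, NumberOfBytes, Done);
          Result := CompareMem(@Check, @Value, NumberOfBytes);
          if not Result then
            Err := Format('Verify failed: wrote %x, read back %x (was %x)',
              [Value, Check, Old]);
        end;
      finally
        CloseHandle(Proc);
      end;
    end;
    ```

    Call it from the button handler as PokeProcessValue(WindowTitle, Address, PokeValue, NumberOfBytes, Err) and show Err when it returns False.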

#2 DJK

    Re: [Delphi] Creating a Simple Game Trainer

    Hey,

    This looks good, and as both an avid Delphi user and someone trying to create a trainer using Cheat Engine, I figured why not combine the two and do the trainer in Delphi instead.

    Well, I tried the example but it doesn't seem to work correctly. It compiles fine and does change the address, but for some reason when I enter PokeValue 50000 and click my button it changes the in-game value (verified with Cheat Engine) to 20300624.....

    I tried changing the PokeValue, but even if I set PokeValue to 0 it gives me 21233664.

    What's up ?

    EDIT: I changed the "buf, 1" value to "buf, 100" and it seems fixed, though I have no clue why or what I did.

#3 Dwar

    Re: [Delphi] Creating a Simple Game Trainer

    DJK
    You can check this post: [Delphi] Simple loader and patcher for packed program, where I used an array of bytes for poke values.

#4 DJK

    Re: [Delphi] Creating a Simple Game Trainer

    Do you know how to freeze values after poking them? I guess I could use a timer on 1s, but I'm not sure if that is what, for example, CEngine does when you freeze a value. Won't I be getting a lot of overhead if it runs the code block every second?

#5 Dwar

    Re: [Delphi] Creating a Simple Game Trainer

    DJK
    Create a thread and use:
     while (not Terminated) do
     begin
       WriteProcessMemory(); // rewrite the value in memory in a loop
       Sleep(100);
     end;

#6 DJK

    Re: [Delphi] Creating a Simple Game Trainer

    Hmm, I have no clue how to create threads, so I tried this code, which I thought is more or less the gist of what you are trying to say...

    var
      test: Integer;
    begin
      test := 1;
      while (test = 1) do
      begin
        WriteProcessMemory(HandleWindow, Ptr(Address), buf, NumberOfBytes, write);
        Sleep(100);
      end;
    end;

    I had to use "WriteProcessMemory(HandleWindow, Ptr(Address), buf, NumberOfBytes, write);" instead of "WriteProcessMemory();" because if I use this it tells me "not enough parameters"....

    Secondly, besides the fact that it's behaving weirdly (it's not really freezing the values coherently; if I'm persistent enough I can get my 0 value to 1 or 2 while it should reset to 0 every second, and once it's 1 or 2 it never resets back).

    Secondly, my application hangs after using my button (triggering the code) once. I guess it's spamming it too much or something, or maybe my alternate method just isn't suited for this kind of thing...

    Sorry for all the questions, but it's the first time I've done anything of this kind in Delphi, so I'm trying to keep it as simple as possible.

#7 Dwar

    Re: [Delphi] Creating a Simple Game Trainer

    DJK
    WriteProcessMemory() - it was an example...

    And again: use threads. It's the only suitable method, and you can sleep for less time, e.g. 20 (that would be enough).

    Even if you use your code, you can modify it:
     while True do
     begin
       Application.ProcessMessages;   // lets the form handle its messages between writes
       WriteProcessMemory(HandleWindow, Ptr(Address), buf, NumberOfBytes, write);
       Sleep(20);
     end;


    P.S. Hm, maybe I'll write some tuts about "freezing" values
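    A complete TThread version of the freeze loop Dwar sketches above, added as an example that is not code from the thread. The loop runs off the main thread, so the form stays responsive without Application.ProcessMessages, and Terminate / WaitFor stops it cleanly before the process handle is closed. Class, field and property names are my own; the constructor assumes a process handle opened as in the first post.

    ```pascal
    // needs: uses Windows, Classes, SysUtils;
    type
      { Rewrites one value at a fixed interval from its own thread, so the
        form stays responsive and the loop stops cleanly when Terminate is
        called. Proc must stay open for the thread's lifetime. }
      TFreezeThread = class(TThread)
      private
        FProc: THandle;
        FAddress, FValue, FSize, FIntervalMs: Cardinal;
        FFailures: Integer;
      protected
        procedure Execute; override;
      public
        constructor Create(Proc: THandle; Address, Value, Size, IntervalMs: Cardinal);
        property Failures: Integer read FFailures;   // writes that failed, e.g. game exited
      end;

    constructor TFreezeThread.Create(Proc: THandle; Address, Value, Size, IntervalMs: Cardinal);
    begin
      // Fields are set before the thread is started so Execute never sees zeros.
      FProc := Proc;            // opened with at least PROCESS_VM_WRITE and PROCESS_VM_OPERATION
      FAddress := Address;
      FValue := Value;
      FSize := Size;            // 1..4: the low Size bytes of FValue (little-endian)
      FIntervalMs := IntervalMs;
      inherited Create(False);  // start running immediately
    end;

    procedure TFreezeThread.Execute;
    var
      Written: DWORD;
    begin
      while not Terminated do
      begin
        if not WriteProcessMemory(FProc, Ptr(FAddress), @FValue, FSize, Written) then
        begin
          Inc(FFailures);
          if FFailures >= 10 then
            Break;              // target gone or handle closed: give up instead of spinning
        end;
        Sleep(FIntervalMs);
      end;
    end;

    { Usage from the form, where Freezer is a TFreezeThread field (hypothetical name):
        Freezer := TFreezeThread.Create(HandleWindow, Address, PokeValue, NumberOfBytes, 20);
      To unfreeze:
        Freezer.Terminate; Freezer.WaitFor; FreeAndNil(Freezer); CloseHandle(HandleWindow); }
    ```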

#8 DJK

    Re: [Delphi] Creating a Simple Game Trainer

    Hey,

    I still haven't found out how to freeze values correctly, but I do have another question: how can I read a text string from memory into a TLabel? I know the address of the text value of course, but how do I read it in Delphi?

#9 Dwar

    Re: [Delphi] Creating a Simple Game Trainer

    > I still haven't found out how to freeze
    You can disassemble your program, find the instruction that changes your address and simply NOP it, or find/make a JMP instruction to prevent writing the data.
    > how can I read a text string from memory
     //------------------------------------------------
     // Get WideString
     //------------------------------------------------
     // Reads up to CharCount UTF-16 characters from aPointer in process Hdl.
     // The buffer is one WideChar larger and zero-filled, so the result is
     // always terminated even if the string in the target is not.
     function getWideSTR(Hdl, aPointer: Cardinal; CharCount: Integer): WideString;
     var
       BytesRead: DWORD;
       Buf: array of WideChar;
     begin
       Result := '';
       if (Hdl = 0) or (CharCount <= 0) then
         Exit;
       SetLength(Buf, CharCount + 1);
       FillChar(Buf[0], Length(Buf) * SizeOf(WideChar), 0);
       if ReadProcessMemory(Hdl, Pointer(aPointer), @Buf[0],
         CharCount * SizeOf(WideChar), BytesRead) then
         Result := PWideChar(@Buf[0]);   // copies up to the first #0
     end;

     //------------------------------------------------
     // Get Ansi string
     //------------------------------------------------
     // Same for a single-byte string of up to StrLen characters.
     // @Buf[0] is the address of the data; @Buf would be the address of
     // the dynamic-array variable itself, which is not what the target reads into.
     function GetAnsiSTR(Hdl, aPointer: Cardinal; StrLen: Integer): AnsiString;
     var
       Buf: array of AnsiChar;
       BytesRead: DWORD;
     begin
       Result := '';
       if (Hdl = 0) or (StrLen <= 0) then
         Exit;
       SetLength(Buf, StrLen + 1);
       FillChar(Buf[0], Length(Buf), 0);
       if ReadProcessMemory(Hdl, Pointer(aPointer), @Buf[0], StrLen, BytesRead) then
         Result := PAnsiChar(@Buf[0]);   // copies up to the first #0
     end;
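    The string readers above need the length up front. This added example (my code, not Dwar's) generalizes them to a NUL-terminated string of unknown length: it reads in chunks that never cross a page boundary, because ReadProcessMemory fails the whole call if any byte of the requested range is unreadable, so a single large read could fail even though the string itself is readable. The function name and the MaxLen cap are my own; it assumes a handle opened with PROCESS_VM_READ.

    ```pascal
    // needs: uses Windows;
    { Reads a NUL-terminated single-byte string of unknown length from process
      Proc, starting at Address, stopping at the terminator or after MaxLen
      characters. Each call to ReadProcessMemory stays within one page, so a
      string that ends just before an unmapped page is still read completely. }
    function ReadCString(Proc: THandle; Address: Cardinal; MaxLen: Integer): AnsiString;
    const
      PageSize = 4096;
    var
      Chunk: array[0..PageSize - 1] of AnsiChar;
      Cur: Cardinal;
      Want, Got: DWORD;
      i, Remaining: Integer;
    begin
      Result := '';
      Cur := Address;
      Remaining := MaxLen;
      while Remaining > 0 do
      begin
        Want := PageSize - (Cur mod PageSize);    // bytes left on the current page
        if Want > Cardinal(Remaining) then
          Want := Remaining;
        if (not ReadProcessMemory(Proc, Ptr(Cur), @Chunk[0], Want, Got)) or (Got = 0) then
          Exit;                                     // unreadable page: return what was read so far
        for i := 0 to Integer(Got) - 1 do
        begin
          if Chunk[i] = #0 then
            Exit;                                   // terminator found
          Result := Result + Chunk[i];
        end;
        Inc(Cur, Got);
        Dec(Remaining, Got);
      end;
    end;
    ```

    For the TLabel question, Label1.Caption := string(ReadCString(HandleWindow, Address, 256)) is enough once the handle is open.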

#10 MrSmith

    Re: [Delphi] Creating a Simple Game Trainer

    This stuff is fantastic ty!