I see and admire the people who have been making hacks, and the methods used before are still in use, changing only the way the strings detected by X-TRAP (in my case it was GameGuard) are bypassed.
Today I will show you the first code we used.
Writing to memory:
First of all, you can use this code either inside a DLL or directly in your own EXE (no need to inject a DLL).
~ ~ Declare variables:
I will explain them one by one.

Var
  Pid: Integer;
  Pidhandle: Integer;

Pid is the process ID of the process whose memory we want to write to.
Pidhandle is kind of the same thing, but a little different: it is the handle we get for that process (from OpenProcess, later on), and every read/write call takes the handle, not the ID.
At this point both are 0 because we are not using them yet.
~ ~ Create a constant
With this constant the program knows which process's memory is going to be edited.

Const
  process = 'PRocess.exe'; // the executable name of the target; the lookup below is case-insensitive
Finding the PID of the program:
Now pay attention, mainly to this function (it needs the Windows, SysUtils and TlHelp32 units in your uses clause):

function GetID(const ExeFileName: string; var ProcessId: Integer): Boolean;
var
  ContinueLoop: BOOL;
  FSnapshotHandle: THandle;
  FProcessEntry32: TProcessEntry32;
begin
  Result := False;
  // Take a snapshot of all running processes and walk it entry by entry
  FSnapshotHandle := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
  if FSnapshotHandle = INVALID_HANDLE_VALUE then Exit;
  FProcessEntry32.dwSize := SizeOf(FProcessEntry32); // must be set before Process32First
  ContinueLoop := Process32First(FSnapshotHandle, FProcessEntry32);
  while Integer(ContinueLoop) <> 0 do
  begin
    // Compare the executable name case-insensitively, with and without any path
    if (StrIComp(PChar(ExtractFileName(FProcessEntry32.szExeFile)), PChar(ExeFileName)) = 0)
      or (StrIComp(FProcessEntry32.szExeFile, PChar(ExeFileName)) = 0) then
    begin
      ProcessId := FProcessEntry32.th32ProcessID;
      Result := True;
      Break;
    end;
    ContinueLoop := Process32Next(FSnapshotHandle, FProcessEntry32);
  end;
  CloseHandle(FSnapshotHandle); // the snapshot is a handle too, don't leak it
end;
This is how the function is used: you pass it the program name and the PID variable you declared, and it returns True (with ProcessId filled in) if the process is running, False if it is not.

function GetID(const ExeFileName: string; var ProcessId: Integer): Boolean;

Now you have your GetID function! Let's create a button that calls it and shows the PID it found:

procedure TForm1.Button1Click(Sender: TObject);
begin
  if GetID(process, Pid) then
    ShowMessage(IntToStr(Pid));
end;
~ ~ Writing to memory
WriteProcessMemory (WPM) needs the process handle, the address to write at, a pointer to the new value, the number of bytes to write, and a variable that receives how many bytes were actually written. Type this:

WriteProcessMemory(Pidhandle, Pointer(Address), @NewValue, Data, Written);

Remember to declare:

Var
  Address: Cardinal;
  NewValue: Integer;
  Data: Integer;
  Written: Cardinal;

Data is the size in bytes of the value you are writing, so it must match the type of NewValue:
byte = 1 byte
word = 2 bytes
cardinal = 4 bytes
WPM returns False when the write fails (wrong handle rights, unmapped address, etc.), so check its result instead of assuming the value went in.
So far so easy, but how do we get the PIDHANDLE?
~ ~ OpenProcess
We will use OpenProcess() to get the Pidhandle:

Pidhandle := OpenProcess(PROCESS_ALL_ACCESS, False, Pid);

OpenProcess returns 0 if it fails (for example when you lack privileges on the target or the handle is being blocked), so check it before calling WPM. PROCESS_ALL_ACCESS asks for every right on the process; WriteProcessMemory itself only needs PROCESS_VM_WRITE and PROCESS_VM_OPERATION, and requesting only what you use is the better habit.

Complete code:

Var
  Pid: Integer;
  Pidhandle: THandle; // a handle, not a plain integer
  Address: Cardinal;
  NewValue: Integer;
  Data: Integer;
  Written: Cardinal;

procedure TForm1.Button1Click(Sender: TObject);
begin
  Address := $04000000;
  NewValue := 666;
  Data := SizeOf(NewValue); // 4 bytes for an Integer
  if GetID(process, Pid) then
  begin
    Pidhandle := OpenProcess(PROCESS_ALL_ACCESS, False, Pid);
    if Pidhandle = 0 then
    begin
      MessageDlg('OpenProcess failed: ' + SysErrorMessage(GetLastError), mtError, [mbOK], 0);
      Exit;
    end;
    try
      if not WriteProcessMemory(Pidhandle, Pointer(Address), @NewValue, Data, Written) then
        MessageDlg('WriteProcessMemory failed: ' + SysErrorMessage(GetLastError), mtError, [mbOK], 0);
    finally
      CloseHandle(Pidhandle); // always release the handle, even if the write failed
    end;
  end
  else
  begin
    MessageDlg('Process not found!!!', mtWarning, [mbOK], 0);
  end;
end;
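The two steps above (find the PID with a Toolhelp32 snapshot, then open the process and write) put together as one stand-alone console program. This is an added example written for this page, not the original poster's code: it keeps the tutorial's placeholder executable name and address ('PRocess.exe' and $04000000, which you must replace with your real target), opens the process with only the rights the calls actually need instead of PROCESS_ALL_ACCESS, checks with VirtualQueryEx that the address is committed before writing, and reads the value back to confirm the write landed. The helper names GetID, WriteInt32, TargetExe and TargetAddress are this example's own.

```delphi
program WriteTargetMemory;
{$APPTYPE CONSOLE}

uses
  Windows, SysUtils, TlHelp32;

const
  // Placeholders taken from the tutorial: replace with the real target and address.
  TargetExe     = 'PRocess.exe';
  TargetAddress = $04000000;
  NewValue: Integer = 666;

// Same Toolhelp32 walk as the tutorial's GetID: case-insensitive match on the exe name.
function GetID(const ExeFileName: string; var ProcessId: Integer): Boolean;
var
  Snapshot: THandle;
  Entry: TProcessEntry32;
  More: BOOL;
begin
  Result := False;
  Snapshot := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
  if Snapshot = INVALID_HANDLE_VALUE then Exit;
  try
    Entry.dwSize := SizeOf(Entry);
    More := Process32First(Snapshot, Entry);
    while More do
    begin
      if StrIComp(PChar(ExtractFileName(Entry.szExeFile)), PChar(ExeFileName)) = 0 then
      begin
        ProcessId := Entry.th32ProcessID;
        Result := True;
        Exit; // the finally block still closes the snapshot
      end;
      More := Process32Next(Snapshot, Entry);
    end;
  finally
    CloseHandle(Snapshot);
  end;
end;

// Writes one 4-byte Integer and reads it back to confirm the write landed.
// Returns False (and leaves GetLastError set) on any failure.
function WriteInt32(Process: THandle; Address: Pointer; Value: Integer): Boolean;
var
  Info: TMemoryBasicInformation;
  Written, ReadBack: DWORD; // declare these as SIZE_T on 64-bit Delphi
  Check: Integer;
begin
  Result := False;
  // Refuse to write into memory that is not committed: WPM would fail anyway,
  // and an unmapped address usually means the offset is stale for this build.
  if (VirtualQueryEx(Process, Address, Info, SizeOf(Info)) <> SizeOf(Info))
     or (Info.State <> MEM_COMMIT) then Exit;
  if not WriteProcessMemory(Process, Address, @Value, SizeOf(Value), Written) then Exit;
  if Written <> SizeOf(Value) then Exit; // partial write
  if not ReadProcessMemory(Process, Address, @Check, SizeOf(Check), ReadBack) then Exit;
  Result := (ReadBack = SizeOf(Check)) and (Check = Value);
end;

var
  Pid: Integer;
  Process: THandle;
begin
  if not GetID(TargetExe, Pid) then
  begin
    Writeln('Process not found: ', TargetExe);
    Halt(1);
  end;
  // Only the rights actually used: VM_OPERATION + VM_WRITE for WriteProcessMemory,
  // VM_READ for the read-back, QUERY_INFORMATION for VirtualQueryEx.
  Process := OpenProcess(PROCESS_VM_OPERATION or PROCESS_VM_WRITE or PROCESS_VM_READ
                         or PROCESS_QUERY_INFORMATION, False, Pid);
  if Process = 0 then
  begin
    Writeln('OpenProcess failed: ', SysErrorMessage(GetLastError));
    Halt(1);
  end;
  try
    if WriteInt32(Process, Pointer(TargetAddress), NewValue) then
      Writeln('Wrote ', NewValue, ' to $', IntToHex(TargetAddress, 8), ' in PID ', Pid)
    else
      Writeln('Write failed: ', SysErrorMessage(GetLastError));
  finally
    CloseHandle(Process);
  end;
end.
```

Compile it as a console application and run it while the target is running. If OpenProcess fails, the error text from SysErrorMessage tells you whether it is a privilege problem (access denied) or a wrong PID; if WriteInt32 fails on a committed address, the target's page protection or the size of the value you chose for Data is the first thing to check.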