Editing Memory Addresses, Hacking Games

There are multiple reasons to edit memory addresses directly. The technique is most often used in embedded systems; however, some people prefer to use it to hack simple games like Minesweeper. Of course, you probably wouldn't want to hack any time-consuming, high-skill games, as it would be unfair to other players who worked so hard to get better at the game. Regardless, it would still be a funny prank to change the values in your friend's calculator or Excel file right in front of him at the click of a program.

Memory editing can get dangerous: users who know it well can really cheat and hack games, making it difficult for programmers to protect their games. Some users figure out how to use TSearch or other memory scanners and create methods to edit player health or experience in RPG games. It's really despicable sometimes; hacking games should only be done to prove your own programming skills and show the developers of a game that they have a vulnerability, not to win in a digital pseudo-world.

Writing Memory on Embedded Systems

Sometimes memory address editing can be important for embedded systems where multiple gadgets and hardware interact with the same memory space.

volatile int *const LEDS = (volatile int *)0x81480000; // memory-mapped LED register
*LEDS = 15;             // initialize LEDs (this statement goes inside a function)

The LEDS variable can be used to light up the LEDs on a Spartan S3E board, for example.

Another method to do the same thing:

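// Parenthesized so the macro expands safely inside larger expressions
#define CLOCK (*(volatile int *)(0xFF953300+0x5))
int main(){
  CLOCK = 200;  // store 200 at address 0xFF953305
  return 0;
}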

This edits the memory address 0xFF953305 to have the value 200.

It's also possible to create a memory scanner with this method, although you should be careful not to edit the wrong memory, which could cause Blue Screens of Death or worse errors if you accidentally edit your operating system's memory space.

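#include <iostream>

using namespace std;

// Start address of the scan; volatile forces a real memory read on every access
volatile int *SCAN = (int*)0x1BD23C;

int main() {
  // Walk 500 consecutive ints starting at the address above
  for(int i = 0; i < 500; i++){
    if(*SCAN == 4512){
      cout << "We found the value we wanted in the memory.\n";
      *SCAN = 99;   // overwrite the match in place
    }
    SCAN++;         // advance to the next int
  }
  return 0;
}

This may not always work, and many adjustments may have to be made to suit your environment. Sometimes your program could just crash.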
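The scanner above works by looking for a known int (4512) and overwriting it, which is also why plainly stored game values are hard to protect. The following is an added example, not code from the original post, showing one common mitigation from the developer's side: keep the value masked with a check copy so a value scan misses it and a blind overwrite is detected. The names guarded_int, guard_set, guard_get, count_matches and game_state are hypothetical, and the key is a constructed constant.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical guarded value: stored masked, with a complemented check copy. */
typedef struct {
    uint32_t masked;   /* value XOR key */
    uint32_t check;    /* ~masked, must always mirror masked */
    uint32_t key;      /* per-value mask; constructed constant here, random in practice */
} guarded_int;

static void guard_set(guarded_int *g, uint32_t value, uint32_t key) {
    g->key = key;
    g->masked = value ^ key;
    g->check = ~g->masked;
}

/* Returns 0 and writes the value on success, -1 if the storage was modified. */
static int guard_get(const guarded_int *g, uint32_t *out) {
    if ((g->masked ^ g->check) != 0xFFFFFFFFu)
        return -1;                      /* one word changed without the other */
    *out = g->masked ^ g->key;
    return 0;
}

/* Same search the page's scanner does, restricted to a buffer we own.
   Returns the number of aligned 32-bit words equal to needle. */
static size_t count_matches(const void *buf, size_t len, uint32_t needle) {
    size_t hits = 0;
    for (size_t off = 0; off + sizeof needle <= len; off += sizeof needle) {
        uint32_t word;
        memcpy(&word, (const unsigned char *)buf + off, sizeof word);
        if (word == needle) hits++;
    }
    return hits;
}

/* Constructed demo state: one plain field, one guarded field. */
struct game_state { uint32_t plain_score; guarded_int guarded_score; };

/* Returns 1 if a blind overwrite of the guarded word is detected. */
static int demo_tamper_detected(void) {
    struct game_state s = { 4512, {0, 0, 0} };
    guard_set(&s.guarded_score, 4512, 0xA5C3F00Du);
    s.guarded_score.masked = 99;        /* what the scanner's "*SCAN = 99" would do */
    uint32_t v;
    return guard_get(&s.guarded_score, &v) == -1;
}
```

Masking only raises the cost of a naive value scan; anything the client process owns can still be changed, so values that matter should be validated somewhere the player cannot write to.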

Writing Memory using WriteProcessMemory on Windows

Using the Win32 API from C++, we can edit a memory location that I found in the Windows Calculator program, causing it to hold a hidden value that isn't the one displayed on the screen.

What happens? Let's say you have 889 in your calculator, then you add 1 to it, and it turns out to be 501??? Hacked.

You can also use ReadProcessMemory to find your value, or use a program like TSearch. Try it with your Windows Calculator program; you may have to press the equal sign first to find the value you're looking for.

#include <windows.h>

int main() {
  // ANSI (A) variants so the narrow string literals compile with or without UNICODE
  HWND hWnd = FindWindowA(NULL, "Calculator");
  if(hWnd == NULL){
    MessageBoxA(NULL, "Error cannot find window.", "Error", MB_OK|MB_ICONERROR);
  } else {
    DWORD process_ID = 0;
    GetWindowThreadProcessId(hWnd, &process_ID);
    // WriteProcessMemory only needs PROCESS_VM_WRITE and PROCESS_VM_OPERATION
    HANDLE hProcess = OpenProcess(PROCESS_VM_WRITE | PROCESS_VM_OPERATION, FALSE, process_ID);
    if(!hProcess){
      MessageBoxA(NULL, "Could not open the process!", "Error!", MB_OK|MB_ICONERROR);
    } else {
      int newdata = 500;
      SIZE_T newdatasize = sizeof(newdata);
      // 0x57C2A4 is the address the author found in Calculator's memory
      if(WriteProcessMemory(hProcess, (LPVOID)0x57C2A4, &newdata, newdatasize, NULL)){
        MessageBoxA(NULL, "WriteProcessMemory worked.", "Success", MB_OK|MB_ICONINFORMATION);
      } else {
        MessageBoxA(NULL, "Error cannot WriteProcessMemory!", "Error", MB_OK|MB_ICONERROR);
      }
      CloseHandle(hProcess);
    }
  }
  return 0;
}

Chinthaka Ranawaka's picture

Hi,

WriteProcessMemory fails in Vista 32-bit. Do you have any solutions for it?

Baran Ornarli's picture

It looks like someone mentioned using VirtualProtectEx, which might do the trick. Tell me if you have progress with it:

char buffer[256];
DWORD oldProtect = 0;
DWORD restored = 0;   // VirtualProtectEx needs a valid pointer for the previous protection
SIZE_T numRead = 0;
// hProc is a handle to the target process, opened elsewhere
VirtualProtectEx( hProc, (LPVOID)0x77810F34, 256, PAGE_EXECUTE_READWRITE, &oldProtect );
ReadProcessMemory( hProc, (LPVOID)0x77810F34, buffer, 256, &numRead );
VirtualProtectEx( hProc, (LPVOID)0x77810F34, 256, oldProtect, &restored ); //restore the original protection when you're done

Will's picture

Add a #include statement if you want this to work in a compiler other than Visual C++

semih91's picture

It says "Could not open the process!" How can I fix this?

basscleff's picture

Hi,

Write Process Memory fails in Vista 32-bit.
