Create a PC Memory Editor (Trainer , Hack Tool)

**MW2TopTenWORLD** · 12-14-2013

Hey everyone! Today I will be teaching you on how to make a PC Memory Editor...

First you will need to research the game (process) that you want to modify and obtain offsets from it..
I have already done my research in MW2 :

Code:

//Research by : MW2TopTenWORLD
//Research for MW2 Steam version 1.2.208

XP : 0x01B2C89C
Score : 0x01B2C8AC
Wins : 0x01B2C8E4
Losses : 0x01B2C8E8
Ties : 0x01B2C8EC
Win Streak : 0x01B2C8F0
Kills : 0x01B2C8B0
Headshots : 0x01B2C8C4
Assists : 0x01B2C8B0
Killstreak : 0x01B2C8B4
Deaths : 0x01B2C8B8
Prestige : 0x01B2C8A4

Now let´s head to the actual coding...

NOTE : THIS WAS COPY AND PASTED FROM MY BLOG!!!!

So let´s start...

First add some includes...

Code:

#include <iostream>
#include <windows.h>

Now just add the usual namespace :P

Code:

using namespace std;

Now add your main function

Code:

int main()
{

}

Alright now let´s make a cout...

Code:

cout << "Make sure Modern Warfare 2 is Opened before opening the tool! << endl;
system("Pause");

Now let´s create a FindWindow function (WINDOW NAME NOT PROCESS NAME!!)!

Code:

LPCWSTR Fuck = L"Modern Warfare 2";
HWND hwnd = FindWindow(0, Fuck);

Now we need to create some basic if code to determinate if the Window is opened or not...

Code:

if (hwnd == 0)
 {
  cout << "The game has not been found... please open it before opening the tool next time..." << endl;
  system("Pause");
 }
 else
 {
             cout << "Modern Warfare 2 has been found... Enjoy the tool!" << endl;
        }

Great!

Now you need to add a DWORD , a Function that gets the process ID and writes it to the DWORD and a
Handle function...

Code:

DWORD process_ID;
GetWindowThreadProcessId(hwnd, &process_ID);
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, process_ID);

Now populate it with options!

I will just be doing XP here...

Code:

cout << "Type 1 for XP" << endl;
cout << "Type : ";
int Option;
cin >> Option;

Now let´s make the options if code and the actual write memory code

Code:

if (Option > 1)
  {
   cout << "There is no option higher than 1..." << endl;
   system("Pause");
  }
  if (Option == 1)
  {
...
                }

Ok

Now let´s make a cout that ask us how much XP do we want to write..

Code:

cout << "What do you want to set your XP as?" << endl;
cout << "Type : ";
int XP;
cin >> XP;

Alright now you need to convert the XP to a byte....

by doing this :

Code:

DWORD newdatasize = sizeof(XP);

Now finally we are going to write process memory!!

Code:

if (WriteProcessMemory(hProcess, (LPVOID)0x01B2C89C, &XP, newdatasize, NULL))
   {
    cout << "The XP has been written sucessfully!!" << endl;
    system("Pause");
   }
   else
   {
    cout << "There was an error writing the XP..." << endl;
    system("Pause");
   }

Basicly we are doing if code so we dont get a nasty error when something goes wrong..
Also il explain the WriteProcessMemory syntax... :
WriteProcessMemory(ToThisProcessID, (LPVOID)ToThisOffset, &XP , WithTheseBytes, NULL))...

Now just add the "looping" main(); and a return 0; code

...

You have just made a memory editor!!!

Final source : [C++] #include <iostream> #include <windows.h> using namespace std; int main() - Pastebin.com (If this goes against the "no outside links" rule il delete this link)

Video version :

Original (Blog) Version : MPGH doesnt allow out side links.... sorry

The final tool can be found here : https://www.mpgh.net/forum/191-call-d...tats-tool.html

**abuckau907** · 12-14-2013

Alright now you need to convert the XP to a byte....

by doing this :
Code:

DWORD newdatasize = sizeof(XP);

to a byte? DWORD = 4 bytes.
'newdatasize' will be the same regardless of XP's value --> "convert the XP" was maybe not the best way to phrase that.. we're not converting xp at all, we're simply getting the size of it.

Also il explain the WriteProcessMemory syntax... :
WriteProcessMemory(ToThisProcessID, (LPVOID)ToThisOffset, &XP , WithTheseBytes, NULL))...

WriteProcessMemory(targetProcessHandle ....). Handle, not ID.

[C++] #include <iostream> #include <windows.h> using namespace std; int main() - Pastebin.com

Code:

....
        main();
        return 0;

Since you're recursively calling main() from within its self, you should call CloseHandle() (assuming OpenProcess() was successful). Otherwise the handles won't be freed until the program is terminated.
^^Use some type of loop instead of recursion...something along the lines of while (userInput != "quit") { ... }

**MW2TopTenWORLD** · 12-14-2013

Originally Posted by abuckau907

to a byte? DWORD = 4 bytes.
'newdatasize' will be the same regardless of XP's value --> "convert the XP" was maybe not the best way to phrase that.. we're not converting xp at all, we're simply getting the size of it.

WriteProcessMemory(targetProcessHandle ....). Handle, not ID.

[C++] #include <iostream> #include <windows.h> using namespace std; int main() - Pastebin.com

Code:

....
        main();
        return 0;

Since you're recursively calling main() from within its self, you should call CloseHandle() (assuming OpenProcess() was successful). Otherwise the handles won't be freed until the program is terminated.
^^Use some type of loop instead of recursion...something along the lines of while (userInput != "quit") { ... }

Yh x.x I forgot of CloseHandle().. even tough it is on the final tool -.-.. and this was my first C++ tool and 2nd C++ tutorial

so im not experienced

**gogogokitty** · 01-17-2014

hey i need help, ive only had this problem with world at war and all my other games ive been able to find the window. idk ive tried every name i can think of

Code:

#include <iostream>
#include <windows.h>

using namespace std;

int main()
{
	system("color 0A");
	cout << "Make sure World at War is opened before pressing ENTER..." << endl;
	system("Pause");
	LPCWSTR Waw = L"CoDWaW.exe";
	HWND hwnd = FindWindow(0, Waw);
	if (hwnd == 0)
	{
		cout << "The game has not been found... please open it before opening the tool next time..." << endl;
		system("Pause");
	}
	else
	{
		DWORD process_ID;
		GetWindowThreadProcessId(hwnd, &process_ID);
		HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, process_ID);
		cout << "World at War was found, have fun losers!" << endl;
		system("Pause");
		cout << "Type 1 for points: " << endl;
		int Option;
		cin >> Option;
		if (Option > 1)
		{
			cout << "There is no option higher than 1..." << endl;
			system("Pause");
		}
		if (Option == 1)
		{
			cout << "What do you want to set your points as: " << endl;
			int Points;
			cin >> Points;
			DWORD newdatasize = sizeof(Points);
			if (WriteProcessMemory(hProcess, (LPVOID)0x01B2C89C, &Points, newdatasize, NULL))
			{
				cout << "Go spend your points already\n";
				system("Pause");
			}
			else
			{
				cout << "There was an error writing the Points\n";
				system("Pause");
			}

		}
	}
	main();
	return 0;
}

**abuckau907** · 01-17-2014

Originally Posted by gogogokitty

hey i need help, ive only had this problem with world at war and all my other games ive been able to find the window. idk ive tried every name i can think of

#include <iostream>
#include <windows.h>

using namespace std;

int main()
{
system("color 0A");
cout << "Make sure World at War is opened before pressing ENTER..." << endl;
system("Pause");
LPCWSTR Waw = L"CoDWaW.exe";
HWND hwnd = FindWindow(0, Waw);
if (hwnd == 0)
{
cout << "The game has not been found... please open it before opening the tool next time..." << endl;
system("Pause");
}
...
}

Window Title vs. Process Name ..

**gogogokitty** · 01-17-2014

Originally Posted by abuckau907

Window Title vs. Process Name ..

yea there was more to it than that, thats just what i tried last. turns out i forgot the ® -_- anyways all good now

**abuckau907** · 01-17-2014

I know that..was just pointing you in the right direction. You're welcome.

**gogogokitty** · 01-17-2014

any idea how i would go about doing say ammo and points together? im not sure how to combine multiple addresses and change the values, for instance i want to have points first and after you enter the points it gives you the option to change the ammount of ammo in your primary

Code:

#include <iostream>
#include <windows.h>

using namespace std;

int main()
{
	system("color 0A");
	cout << "Make sure World at War is opened before pressing ENTER..." << endl;
	system("Pause");
	LPCWSTR Waw = L"Call of Duty®";
	HWND hwnd = FindWindow(0, Waw);
	if (hwnd == 0)
	{
		cout << "The game has not been found... please open it before opening the tool next time..." << endl;
		system("Pause");
	}
	else
	{
		DWORD process_ID;
		GetWindowThreadProcessId(hwnd, &process_ID);
		HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, process_ID);
		cout << "World at War was found, have fun losers!" << endl;
		system("Pause");
		cout << "Type 1 for points: " << endl;
		int Option;
		cin >> Option;
		if (Option > 1)
		{
			cout << "There is no option higher than 1..." << endl;
			system("Pause");
		}
		if (Option == 1)
		{
			cout << "What do you want to set your points as: " << endl;
			int Points;
			cin >> Points;
			DWORD newdatasize = sizeof(Points);
			if (WriteProcessMemory(hProcess, (LPVOID)0x018EF124, &Points, newdatasize, NULL))
			{
				cout << "Go spend your points already\n";
				cin.get();
			}
			else
			{
				cout << "There was an error writing the Points\n";
				cin.get();
			}

		}
	}

	main();
	return 0;
}

**abuckau907** · 01-18-2014

Originally Posted by gogogokitty

any idea how i would go about doing say ammo and points together? im not sure how to combine multiple addresses and change the values, for instance i want to have points first and after you enter the points it gives you the option to change the ammount of ammo in your primary...

if (Option == 1)
{
//CHANGE POINTS
cout << "What do you want to set your points as: " << endl;
int Points;
cin >> Points;
DWORD newdatasize = sizeof(Points);
if (WriteProcessMemory(hProcess, (LPVOID)0x018EF124, &Points, newdatasize, NULL))
{
cout << "Go spend your points already\n";
cin.get();
}
else
{
cout << "There was an error writing the Points\n";
cin.get();
}
//CHANGE AMMO. TODO: add code here.
//quote: i want to have points first and after you enter the points it gives you the option to change the ammount of ammo
// cout <<"Would you like to change ammo amount?" << endl;
// Get Input
// If yes, do same as above - collect user input and writeprocessmemory

}

? ?

**coca12345** · 01-19-2014

@MW2TopTenWORLD
Hey mate, thanks for tutorial, I'm still learing C++, so It will really help me!!!
Thanks again

**MW2TopTenWORLD** · 01-19-2014

Originally Posted by coca12345

@MW2TopTenWORLD
Hey mate, thanks for tutorial, I'm still learing C++, so It will really help me!!!
Thanks again

Thanks

!!

**Harava** · 01-23-2014

If you do this in a injectable dll you do not need to use WriteProcessMemory or worry about any windows/processIDs since we are running our code in the same address space. You will need the Psapi.lib though since I use GetModuleInformation.

Code:

#include <windows.h>
#include <Psapi.h>

DWORD BaseAddr;
DWORD ValueOffset = 0xFFFFF;


void WriteDwToMem (DWORD Addr, DWORD valueToWrite)
{
    *(DWORD*)Addr = valueToWrite;
}

DWORD GetBaseAddr(LPCSTR ModuleName)
{
    HMODULE hModule = GetModuleHandle(ModuleName);
    if(hModule==NULL)
    {
        return NULL;
    }
    else
    {
        MODULEINFO modInf;
        GetModuleInformation(GetCurrentProcess(), hModule, &modInf, sizeof(MODULEINFO));
        return (DWORD)modInf.lpBaseOfDll;
    }
}

BOOL APIENTRY DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{
    switch (fdwReason)
    {
        case DLL_PROCESS_ATTACH:
            BaseAddr = GetBaseAddr("SomeApp.exe");
	    WriteDwToMem((BaseAddr+ValueOffset), 0xFF);
            break;
    }
    return TRUE; // succesful
}

As you can see this will write the value 255 to the base of SomeApp.exe + 0xFFFFF.

**MW2TopTenWORLD** · 01-23-2014

Originally Posted by Harava

If you do this in a injectable dll you do not need to use WriteProcessMemory or worry about any windows/processIDs since we are running our code in the same address space. You will need the Psapi.lib though since I use GetModuleInformation.

Code:

#include <windows.h>
#include <Psapi.h>

DWORD BaseAddr;
DWORD ValueOffset = 0xFFFFF;


void WriteDwToMem (DWORD Addr, DWORD valueToWrite)
{
    *(DWORD*)Addr = valueToWrite;
}

DWORD GetBaseAddr(LPCSTR ModuleName)
{
    HMODULE hModule = GetModuleHandle(ModuleName);
    if(hModule==NULL)
    {
        return NULL;
    }
    else
    {
        MODULEINFO modInf;
        GetModuleInformation(GetCurrentProcess(), hModule, &modInf, sizeof(MODULEINFO));
        return (DWORD)modInf.lpBaseOfDll;
    }
}

BOOL APIENTRY DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{
    switch (fdwReason)
    {
        case DLL_PROCESS_ATTACH:
            BaseAddr = GetBaseAddr("SomeApp.exe");
	    WriteDwToMem((BaseAddr+ValueOffset), 0xFF);
            break;
    }
    return TRUE; // succesful
}

As you can see this will write the value 255 to the base of SomeApp.exe + 0xFFFFF.

This tutorial was intended to make an application , not an injectable dll... still thanks for the info

**KoFar** · 01-29-2014

Good tutorial, just bad that everything gets reseted after game has been restarted

Thread: Create a PC Memory Editor (Trainer , Hack Tool)

Thread Tools

Display

Create a PC Memory Editor (Trainer , Hack Tool)

The Following 3 Users Say Thank You to MW2TopTenWORLD For This Useful Post:

The Following User Says Thank You to abuckau907 For This Useful Post:

The Following User Says Thank You to MW2TopTenWORLD For This Useful Post:

Similar Threads

[Visual Basics Tutorial] Create a Flash game trainer/hack

[Tutorial] How to create simple trainer hack in blackshot

[Tutorial] How To Create a simple Memory Hack

[Release] 6.1 Memory Hacking TooL

[REQUEST]Halo 1 Trainer/hack/mod tool