Finne verdien av noe i minnet/endre det. Hvordan?

[Dahl]

Hvordan kan jeg finne verdien av noe som ligger i minnet, og hvordan kan jeg endre det?

F. eks. vil jeg gjerne ha verdien av $492DB0 skrevet ut som Caption på en Label, på FormCreate.

Denne memory adressen er antall experience points man har i et spill som heter Tibia...

 

Takker for hjelp!

[MailMan13]

24bits adresse, tror du mangler litt der?

 

Hvis du har tilgang til å lese denne adressen er det jo bare å lage en peker på vanlig måte, vet ikke hvordan det blir i Delphi, men i C blir vel noe sånt:

 

int poeng = (int) *(0x492DB0);

 

Det forutsetter:

A: At dette er den absolutte fysiske adressen.

B: Et operativsystem som tillater at programmer adresserer i hytt og pine, f.eks DOS og Win 9X

[Dahl]

Men så vet jo ikke jeg hvordan vanlig måte er da...

Er VELDIG grønn på dette...

[runeb]

Her er en liten kodebit som skriver viser innholdet av en gitt adresse som både en tekststreng og en integer. Men den virker bare på addresser programmet har tilgang til, så det løser ikke problemet ditt (men det hjelper deg kanskje på vei). Hvordan en får tilgang til minneområder utenfor sin egen prossess vet jeg ikke, men jeg antar det kan ordnes med de rette Windows API-kallene...

 

var P: Pointer;
begin

 P := Ptr($425CFF);
 Label1.Caption := PChar(P); 
 Label2.Caption := IntToStr(Integer(P^));
end;

[john_h]

Husker jeg leste en tutorial om slikt en gang i mine yngre dager... Og her er den:

#################################################################
#################################################################
##                                                             ##
## Creating a Game Trainer in Delphi 4                         ##
##                                                             ##
## In this tutorial, I'm going to outline all the basic API    ##
## and code necessary to create a trainer in Delphi 4. A basic ##
## knowledge of Delphi is preferred, but Delphi's a damn easy  ##
## language to learn anyway.                                   ##
##                                                             ##
#################################################################
#################################################################

###############
# The Concept #
###############

Okay, this is what we want the trainer to do. We run the 
game, and then [alt][tab] out to Windows. We run the
trainer, and press a button. This action will poke a
value into a certain memory address of the game. So
if we know the memory address of the money in a game,
we can hack the money using this trainer.

To make a trainer, here are the basic things we need.

The Game's Window Title:
Run the game, and then alt-tab out to Windows. Look at
the taskbar for your game, and write down the exact
window title.

The Memory Address (in hex):
Using a program like GameHack [www.gamehack.com] or
MTC, we can do a search for any value and find the
memory address. An example address in hex form is
41D090. Write the address down somewhere.

A Value To Poke (in hex):
So we have the memory address. What value do we want
to poke into it? Let's say I want 50 gold, so first,
I must convert 50 into hex form using a hex converter.
The converter says 32, so write this number down also.

Number Of Bytes:
In the value to poke that you wrote down above, you 
must also know how many bytes this will take up in 
memory. For example, 32 will take up only 1 byte, but
FF07 will take up two bytes. In general, two digits
take up one byte.

##########################
# Let's Start The Coding #
##########################

We are going to use the Win32 API to poke values
into the memory of another process. Here are the
functions we'll be using, in the correct order:

FindWindow
GetWindowThreadProcessId
OpenProcess
ReadProcessMemory
WriteProcessMemory
CloseHandle

[Read up these API fuctions in the Win32.hlp file for full
details. I will only go through the basics such that 
beginners can just copy and paste the code in this turorial]

The coding begins. First we declare our variables.
Copy and paste these into your code:

       Var WindowName : integer;
           ProcessId : integer;
           ThreadId : integer;
           buf : PChar;
           HandleWindow : Integer;
           write : cardinal;

Time to declare all the important stuff. Copy and paste
the following into the same area of the code. Set up the 
following variables to what you have written down earlier.

       Const WindowTitle = 'prog test';
             Address = $41D090;
             PokeValue = $32;
             NumberOfBytes = 1;


Now to poke a value, you must get the handle of the
memory of the game. There is no direct way to do this, 
so here's what we do.

1) Get the main window's handle.
2) With the handle, get the process identifier.
3) With the pID, get the handle of the memory area.
4) With this handle, we can start hacking!

First, we need to get the handle of the main window of 
the game. Use the FindWindow function like this:

       WindowName := FindWindow(nil,WindowTitle);
       If WindowName = 0 then
            begin
        MessageDlg('The game must be running in the background. Run it now, and then try again.', mtwarning,[mbOK],0);
            end;

Notice that the code checks whether windowname is zero. 
If it is, it means the game is not running, so we warn 
the user and tell him to run the damn game now!

Next, we need the window's processidentifier. We use the
GetWindowThreadProcessId function for this. Then we get
the handle of the memory are using OpenProcess. Copy the
code below.

       ThreadId := GetWindowThreadProcessId(WindowName,@ProcessId);
       HandleWindow := OpenProcess(PROCESS_ALL_ACCESS,False,ProcessId);

That's it! Now we can use WriteProcessMemory to hack 
into the handle. Once we're done, we close the handle, just
to be safe. Copy the code below.

       GetMem(buf,1);
       buf^ := Chr(PokeValue);
       WriteProcessMemory(HandleWindow,ptr(Address),buf,NumberOfBytes,write);
       FreeMem(buf);
       closehandle(HandleWindow);

Below is the source code for the entire trainer. For beginner
programmers, to make a fast trainer, all you have to do is change
the constants declared in the beginning of the code.

############################################################
############################################################
####                                                    ####
####            Trainer +1 For MTC's Prog Test          ####
####            Source Code  (Delphi 4)                 ####
####            Copyright 1999 By CheatMagic            ####
####                                                    ####
############################################################
############################################################


Var WindowName : integer;
   ProcessId : integer;
   ThreadId : integer;
   buf : PChar;
   HandleWindow : Integer;
   write : cardinal;
Const WindowTitle = 'prog test';
     Address = $41D090;
     PokeValue = $32;
     NumberOfBytes = 1;

###########################################################
# (Put the following code inside a command button routine)#
###########################################################

begin

WindowName := FindWindow(nil,WindowTitle);
    If WindowName = 0 then
      begin
         	MessageDlg('The game must be running in the background. Run it now, and then try again.', mtwarning,[mbOK],0);
      end;

 ThreadId := GetWindowThreadProcessId(WindowName,@ProcessId);
 HandleWindow := OpenProcess(PROCESS_ALL_ACCESS,False,ProcessId);

 GetMem(buf,1);
 buf^ := Chr(PokeValue);
 WriteProcessMemory(HandleWindow,ptr(Address),buf,NumberOfBytes,write);
 FreeMem(buf);
 closehandle(HandleWindow);

end;



Written By Fairuz Lokman
Copyright 1999 By CheatMagic

[Dahl]

Tusen takk skal du ha!

[Dahl]

Hmm... Iflg. denne toturialen må man definere hvor mange bytes adressen tar.

Men problemet er at denne adressen kan være alt fra 1 til 9 bytes...

(Ettersom at 2 tall tar 1 byte, iflg. toturialen).

[Tr1llobite]

24bits adresse, tror du mangler litt der?

Nix, Delphi regner med at du kun har tatt med bare den nødvendige delen.

Det blir det samme som å si at verdien av 00000256 er en annen enn 256. (Det lærte jeg på skolen )

[ChrML]

Vel, regner med at addressa di er den relative addressa i forhold fra den første byten i minnet til programmet (ettersom den faktiske addressa varierer). Det står masse informasjon om hvordan man lager trainere på google.com, og hvordan man finner ut den faktiske addressen ut fra relative addressen ved hjelp av prosessnavnet.

 

Lykke til!