How to Write into Another Process's Memory with C++

Mar 3, 2016 08:23 AM
Mar 3, 2016 12:03 PM

Hello, this is my first post on Null-Byte. This is made for those who have an interest in writing into another process's memory. Why would you want to do this? Who knows, personally I just wanted to mess around with games on my computer (have unlimited health).

In this tutorial we will write into another process externally.

This is done using the Windows API, which has various functions we can use for this task, so this only works on Windows.

This is for educational purposes only; I am not responsible for what you do with this knowledge.

This tutorial assumes you have some basic C++ knowledge such as pointers, data types, functions, and control statements. This tutorial is the simplest way I could demonstrate how this process is done.

You'll also need an IDE, or some other way to turn the source into a console app.

Assuming you're ready for this, let's start.

Step 1: Build This

This is just a quick program I made that we can write into. All this program does is count down from 100 and terminates when it reaches 0. I won't spend too much time explaining this but I left comments.

Comments are the words after the //

Just build it into a release target and run it.

Lose Health

When you run the program it should look something like this

Now that you have that running, observe that at the top it says Address of Health: 0x28feec.

For me that's what the address of the health variable is, yours could be different. But be sure to write this down.

Usually programs won't let you know what the address of a certain variable is without using a memory scanner or debugger. To demonstrate how this is done purely in C++, I decided to give the address to you for the sake of ease.

Since this program counts down until it hits 0, I decided to make another program that externally alters the health value so it never reaches 0.

In this next program I used the following Windows API calls.

FindWindow

GetWindowThreadProcessId

OpenProcess

WriteProcessMemory

CloseHandle

FindWindow does what it says it does: it literally finds the window that you want. In this case it's "Lose Health".

GetWindowThreadProcessId gets you the process ID.

OpenProcess allows you to Open the process using the process ID.

WriteProcessMemory is where the magic happens. This function alone lets you change the value at the address directly.

CloseHandle is used to close the handles to FindWindow and OpenProcess. Basically cleans up your program.

More information on these calls can be found through Google.

With this information alone, along with basic C++, you should know what to do from here. If not, fear not for I've completed the task for you.

Source

I used if statements to check if we were able to find window, open process and what not. Just to check if anything goes wrong really.

WriteProcessMemory(hProc,(LPVOID)0x28feec,&Value,sizeof(Value),NULL);

Where you see 0x28feec, change this address to the one your "Lose Health" program has.

That's it really. Build and release.

Now run Lose Health (you HAVE to run this first), then run the new program, and boom.

Not only did health stop decreasing, but now it will constantly be set to 999, unless you press F1 or exit the program.

That's basically it. You can use this as long as you have a specific address that you can write to.
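Seen from the Lose Health side, a write like this is only invisible because the program trusts a bare int. The block below is an added example, not the tutorial's code: GuardedInt and run_countdown are hypothetical names, and the external write is simulated in-process with memcpy as a stand-in for WriteProcessMemory.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <random>

// Tamper-evident stand-in for the plain `int health` (hypothetical class name).
class GuardedInt {
public:
    explicit GuardedInt(int32_t v) : key_(std::random_device{}()) { set(v); }
    void set(int32_t v) { value_ = v; check_ = encode(v); }
    // False when value_ no longer matches its keyed shadow copy, which is what
    // an external write to only the visible 4 bytes leaves behind.
    bool get(int32_t& out) const {
        if (encode(value_) != check_) return false;
        out = value_;
        return true;
    }
    // The address a memory scanner would locate by searching for the value.
    void* raw_address() { return &value_; }
private:
    uint32_t encode(int32_t v) const {
        uint32_t x = static_cast<uint32_t>(v) ^ key_;
        return (x << 13) | (x >> 19);  // keyed and rotated: not a recognisable copy
    }
    int32_t value_;
    uint32_t check_;
    uint32_t key_;
};

// Countdown as in Lose Health. At tick `tamper_at` a constructed write of 999
// lands on the raw address (in-process stand-in for WriteProcessMemory).
// Returns the tick where tampering was detected, or -1 for a clean run to 0.
int run_countdown(int start, int tamper_at) {
    GuardedInt health(start);
    for (int tick = 0;; ++tick) {
        if (tick == tamper_at) {
            int32_t forged = 999;
            std::memcpy(health.raw_address(), &forged, sizeof forged);
        }
        int32_t h = 0;
        if (!health.get(h)) return tick;  // shadow mismatch: value was overwritten
        if (h <= 0) return -1;
        health.set(h - 1);
    }
}

int main() {
    std::printf("clean=%d tampered_at=%d\n", run_countdown(100, -1), run_countdown(100, 5));
}
```

The check only notices a write that changes the visible value without updating the shadow, so treat it as detection rather than prevention.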

Hope this helps in some way.

Special thanks to dontrustme! Couldn't have done it without him.
