Programming a Trainer in VisualBasic 6


DyslexicCheater
25th September 2004, 21:36
When I first started out I had trouble finding good examples of Trainers written in my favorite language, VB, that functioned properly. So, I wrote this simple example trainer with fully commented source code to show others how to use VB to patch a game's memory.

------------------------------

The following is the form:

Private Sub cmdCheat_Click()
'// This calls the MemPatch Sub. The first parameter (the address) is a "Long"; the second (the data) is a
'// "String" of hex bytes.
mdlMemWrite.MemPatch &H10030B8, "909090"
'// It is currently set up for making the score in Solitaire never change.
End Sub

Private Sub cmdExit_Click()
'// Unload the form. Since we're only using one form, we can treat it as a single object and unload it
'// instead of using "End". This also frees up the memory used by the object, whereas "End" does not.
Unload Me
'// Since we are unloading the object from the object itself we can simply use "Me" instead of its name,
'// which is frmMain. So if we were unloading it from another object it would be "Unload frmMain".
'// When I say End, I mean the following in place of "Unload Me":
'End
End Sub

Private Sub cmdFind_Click()
If mdlMemWrite.DetectGame(Me.txtWindowName.Text) = True Then
'// If the game window is detected and a process handle is obtained, then...
Me.cmdCheat.Visible = True
'// Allow the user to activate the cheat.
Else
'// Otherwise...
Me.cmdCheat.Visible = False
'// Keep it invisible.
End If
End Sub

Private Sub Form_Load()
'// Assign the version variable a value using the application project values.
sVersion = App.ProductName & Space(1) & "v" & App.Major & "." & App.Minor & "." & App.Revision
'// Change the program's window caption to "sVersion".
Me.Caption = sVersion
End Sub

Private Sub Form_Unload(Cancel As Integer)
'// Close the handle to the process on exit. The handle is kept in the module, so the module closes it.
mdlMemWrite.CloseGame
End Sub

The following goes in your module:

'// These declarations allow us to use Win32 API (Application Programming Interface) functions from
'// dynamically linked libraries in your system folder.
Private Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long
Private Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hWnd As Long, lpdwProcessId As Long) As Long
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
'// lpBuffer is ByRef so that we can pass a Byte variable and the API receives a pointer to it.
Private Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Long, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Public Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
'// In VB6 every handle, address and flag in this API is a Long. Not used below, but this is the declaration
'// you need if a page turns out to be write-protected.
Private Declare Function VirtualProtectEx Lib "kernel32" (ByVal hProcess As Long, ByVal lpAddress As Long, ByVal dwSize As Long, ByVal flNewProtect As Long, lpflOldProtect As Long) As Long

'// This constant is required for all Windows NT based operating systems. It allows unlimited access to
'// the process by our program when used with OpenProcess().
Private Const PROCESS_ALL_ACCESS As Long = &H1F0FFF

'// Variable declarations.
Private hWnd As Long '// Window handle
Private pId As Long '// Process ID
Private pHandle As Long '// Process handle
Public sVersion As String '// Trainer version

Public Function DetectGame(sWndName As String) As Boolean
'// First we need to find the window. We use FindWindow() and pass a Null ClassName, because it isn't
'// required to find the window, and the WindowName, and return the value into hWnd.
hWnd = FindWindow(vbNullString, sWndName)

'// Debug is a useful statement for checking variable values during run-time.
'Debug.Print hWnd

If (hWnd = 0) Then '// If the window handle is null, then...
MsgBox "Error: Window could not be found!", vbCritical + vbOKOnly, sVersion & " -- Error!"
'// Bring up error messagebox.
DetectGame = False
'// Game has failed to be detected.
Exit Function
'// Return to main program flow
End If

'// Now we need the process ID. We call GWTPI and pass the window handle - it will spit the process
'// ID out into "pId".
GetWindowThreadProcessId hWnd, pId

'Debug.Print pId

'// Now we need the process handle. We call OpenProcess() and pass the access we want to it. In this
'// case we want unlimited access to the process. We then pass the process ID we want the handle to.
pHandle = OpenProcess(PROCESS_ALL_ACCESS, False, pId)

'Debug.Print pHandle

If (pHandle = 0) Then '// If the process handle is null, then...
MsgBox "Error: Could not get a process handle!", vbCritical + vbOKOnly, sVersion & " -- Error!"
DetectGame = False
Exit Function
End If

DetectGame = True
'// Game has been detected successfully.
End Function

Public Sub CloseGame()
'// Close the process handle obtained in DetectGame(), if we have one. Called from Form_Unload.
If pHandle <> 0 Then
CloseHandle pHandle
pHandle = 0
End If
End Sub

Public Sub MemPatch(ByVal lAddress As Long, ByVal sData As String)
Dim Length As Long '// Number of bytes encoded in sData.
Dim i As Long '// Loop counter.
Dim bByte As Byte '// One byte of the patch, decoded from two hex characters.
Dim lWritten As Long '// Number of bytes actually written, filled in by the API.

'// This calls WPM and writes our code into the target game's memory. It requires a process handle, an
'// address, a pointer to the data to write (our code), the length of the code, and an output variable
'// that receives the number of bytes written. (A Long value could be written the same way by passing a
'// Long variable and an nSize of 4.)

'// Below is the method I'm using, which takes a string of hex bytes for the data.
'// Use it like: MemPatch &H000000, "FF00FF0090"
If pHandle = 0 Then Exit Sub '// DetectGame() has not succeeded yet, so there is nothing to write to.
If (Len(sData) Mod 2) = 1 Then sData = "0" & sData '// Pad an odd-length string to whole bytes.
Length = Len(sData) \ 2
For i = 1 To Length
'// Take the i-th pair of hex characters, turn it into a byte and write that single byte.
bByte = CByte("&H" & Mid$(sData, 2 * i - 1, 2))
WriteProcessMemory pHandle, lAddress + i - 1, bByte, 1, lWritten
Next
End Sub

------------------------------

The project files and source files for this example are available for download: Here (http://66.177.173.240/Tutorials/Programming%20Tutorials/VisualBasic/Source%20Files/TrainerExample.zip).
A screenshot of the finished project is available here (http://66.177.173.240/Images/Screenshots/Misc/TrainerExample.jpg).
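As an added illustration (Python, not code from the thread or its author): the trainer above chains FindWindow, GetWindowThreadProcessId, OpenProcess with PROCESS_ALL_ACCESS and WriteProcessMemory, and this block decodes what that mask grants versus what a write actually needs, splits a MemPatch hex string the way the VB loop does, and runs a simple check over constructed ProcessAccess records (Sysmon Event ID 10 field names are an assumption) for processes that obtain write rights on another process.

```python
# Added example (Python, not code from the thread or its author). Field names follow the
# Sysmon Event ID 10 (ProcessAccess) layout; the log records below are constructed.

# Process access rights (Win32 constants). PROCESS_ALL_ACCESS = 0x1F0FFF sets all of them.
PROCESS_RIGHTS = {
    0x0001: "PROCESS_TERMINATE",
    0x0002: "PROCESS_CREATE_THREAD",
    0x0004: "PROCESS_SET_SESSIONID",
    0x0008: "PROCESS_VM_OPERATION",
    0x0010: "PROCESS_VM_READ",
    0x0020: "PROCESS_VM_WRITE",
    0x0040: "PROCESS_DUP_HANDLE",
    0x0080: "PROCESS_CREATE_PROCESS",
    0x0100: "PROCESS_SET_QUOTA",
    0x0200: "PROCESS_SET_INFORMATION",
    0x0400: "PROCESS_QUERY_INFORMATION",
    0x0800: "PROCESS_SUSPEND_RESUME",
    0x1000: "PROCESS_QUERY_LIMITED_INFORMATION",
    0x00010000: "DELETE",
    0x00020000: "READ_CONTROL",
    0x00040000: "WRITE_DAC",
    0x00080000: "WRITE_OWNER",
    0x00100000: "SYNCHRONIZE",
}
PROCESS_ALL_ACCESS = 0x1F0FFF      # the constant the VB module declares as &H1F0FFF
WRITE_MINIMUM = 0x0008 | 0x0020    # VM_OPERATION | VM_WRITE: all that WriteProcessMemory requires


def decode_access_mask(mask: int) -> list:
    """Name every right set in a process access mask; leftover bits are reported as hex."""
    names = []
    for bit, name in sorted(PROCESS_RIGHTS.items()):
        if mask & bit:
            names.append(name)
            mask &= ~bit
    if mask:
        names.append(f"UNKNOWN(0x{mask:X})")
    return names


def mempatch_bytes(data: str) -> bytes:
    """Split a hex string into bytes the way the VB MemPatch loop does ("909090" -> 90 90 90).
    An odd-length string is left-padded with a 0; anything that is not hex (for example a
    trailing 'h', which comes up later in the thread) raises ValueError instead of writing junk."""
    s = data.strip()
    if len(s) % 2:
        s = "0" + s
    return bytes.fromhex(s)


def parse_process_access(line: str) -> dict:
    """Parse one 'Key=Value|Key=Value' ProcessAccess record; GrantedAccess becomes an int."""
    fields = dict(part.split("=", 1) for part in line.split("|"))
    fields["GrantedAccess"] = int(fields["GrantedAccess"], 16)
    return fields


def flag_memory_writers(lines, protected_images) -> list:
    """Return (source, target, rights) for every access that can write into a protected process.
    0x1F0FFF and the minimal 0x28 are both caught; a query-only handle (e.g. Task Manager) is not."""
    protected = {p.lower() for p in protected_images}
    hits = []
    for line in lines:
        ev = parse_process_access(line)
        target = ev["TargetImage"].rsplit("\\", 1)[-1].lower()
        if target in protected and (ev["GrantedAccess"] & WRITE_MINIMUM) == WRITE_MINIMUM:
            hits.append((ev["SourceImage"], ev["TargetImage"],
                         decode_access_mask(ev["GrantedAccess"])))
    return hits


# Constructed records: a trainer opening Solitaire with all access, Task Manager only querying it,
# and a trainer that asked for just the two rights a write needs.
SAMPLE_EVENTS = [
    "SourceImage=C:\\Users\\u\\trainer.exe|TargetImage=C:\\Windows\\system32\\sol.exe|GrantedAccess=0x1F0FFF",
    "SourceImage=C:\\Windows\\system32\\taskmgr.exe|TargetImage=C:\\Windows\\system32\\sol.exe|GrantedAccess=0x1400",
    "SourceImage=C:\\Users\\u\\trainer.exe|TargetImage=C:\\Windows\\system32\\sol.exe|GrantedAccess=0x28",
]

if __name__ == "__main__":
    print("PROCESS_ALL_ACCESS grants:", decode_access_mask(PROCESS_ALL_ACCESS))
    print("MemPatch data 909090 ->", mempatch_bytes("909090").hex())
    for hit in flag_memory_writers(SAMPLE_EVENTS, ["sol.exe"]):
        print("write access:", hit)
```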

aaYaa
26th September 2004, 00:55
Thx for the source.

Can you release your infinite ammo for rvs ^^ ...

I try to make retlock with nop or jne.. I search the memory address but have a little problem.. whatever, thx :)

luck0r
26th September 2004, 01:09
mhh yea
that would be cool if dyslexic can release an infinite ammo (address). =/

Gregsy
26th September 2004, 01:15
nice one
.: Pinned with many thumb tacks :.

amfutah
29th September 2004, 14:05
Can you post something about Ragnarok? It's for a private server aeRO and it's my 1st time using your program and it rocks..

Gregsy
29th September 2004, 20:41
ask in the fricken Ragnarok forums >.<

DavoaY
1st January 2005, 11:26
Hmm, can you write one for Process rather than getting the Game window name..

BlueForce
5th January 2005, 10:40
I'm practically a complete noob in making hacks in any language. I've never successfully made one. Anyway, can I ask you how you got this information:

mdlMemWrite.MemPatch &H10030B8, "909090"

How did you get the &h10030b8 and the 909090? What are those and what do they mean? Did you get them from an address, or can you convert an address to the &h10030b8 thingy? Thanks for your help.

DyslexicCheater
6th January 2005, 03:39
Hmm, can you write one for Process rather than getting the Game window name..

If you already know the ProcessHandle, then skip FindWindow() and use OpenProcess().


I'm practically a complete noob in making hacks in any language. I've never successfully made one. Anyway, can I ask you how you got this information:

mdlMemWrite.MemPatch &H10030B8, "909090"

How did you get the &h10030b8 and the 909090? What are those and what do they mean? Did you get them from an address, or can you convert an address to the &h10030b8 thingy? Thanks for your help.

It goes like this: mdlMemWrite is an object, a module to be more specific. MemPatch is a method of mdlMemWrite (a method is a function that always returns a void datatype value, which is the same as not returning a value at all). The first parameter is the address we are patching. It's an address in Windows XP Solitaire, and I got it by using SoftICE. The "&H" you see is there because the address is passed as a long value, and in order to make it parse hex into decimal you need the "&H". The "909090" is the data we are placing at the address. We are splitting the string we pass into pairs of bytes, like "90" "90" "90", and using the Chr$() function to parse the string. The address and string, after being parsed, are then passed to WriteProcessMemory().

BlueForce
6th January 2005, 04:27
What would I do if the address is random each time?

And if I read it correctly, 10030b8 is the address?

And the &H means it's expressed as a long value (4 bytes I think?)

And the value you're setting it at is 909090 (is this 0? Because when I tried it with Solitaire, it kept holding it at 0 points)

How did you get the 909090?

By the way, sorry if I'm trouble, I'm just trying to learn.

BlackDove
6th January 2005, 05:35
909090 = 3 NOP commands. This tells the program to not do anything (NOP = "no operation"). When you use TSearch's Autohack and click a box to get a little red face, that sends 90's (or NOPS) to that command. You need a 90 for every byte of the assembly command.

DyslexicCheater
6th January 2005, 05:57
What would I do if the address is random each time?
Most likely the game would crash. If you alter random lines of code you will probably cause important functions to be overwritten.
And if I read it correctly, 10030b8 is the address?
Yes, it is the hex equivalent of the address.
And the &H means it's expressed as a long value (4 bytes I think?)
The &H tells the compiler to treat it as hex, which will then be converted to a Long Integer, which is 8 bytes long and usually unsigned. If we just passed the hex and didn't add the &H it would not be able to understand the parameter, because the address contains alphanumeric characters ("B", etc.) without a typedef (a datatype acting like another datatype) or quotations (which tell the compiler it's dealing with a string - this would cause a datatype mismatch error because WriteProcessMemory is expecting a Long integer value).
And the value you're setting it at is 909090 (is this 0? Because when I tried it with Solitaire, it kept holding it at 0 points)
No, it is not zero. NOP = 90 = No Process. NOP is the instruction, 90 is the opcode, or hex equivalent of the instruction. When you compile any programming language into binary data (libraries, executables, etc.) all you're doing is converting that script to assembly instructions, writing their hex equivalent to the file, and then it is interpreted by your computer. Assembly has different instruction sets, however. These are platforms. Win32 platforms use the 8086 set. I am not writing "909090" to a memory address, I am writing it to an address in the game's code during run-time. If you actually wanted to set a value, you would use the MOV instruction (moves one value into another location).
How did you get the 909090?
They are assembly instructions in the 8086 chipset.
By the way, sorry if I'm trouble, I'm just trying to learn.
No problem.

BlueForce
7th January 2005, 19:27
New question: so what if I wanted to make the value 5000? Would I just do 5000 instead of 909090? Thanks for your help :)

DyslexicCheater
7th January 2005, 23:08
What I *think* I did was place a nop instruction over each byte of a mov instruction, so you would change the game code from:

nop
nop
nop

to:

mov <score address>, 1388h

This is telling the game to move 1388h into the place storing the score. 1388 is 5000 in hex. When moving a value into a location, you must add the "h" to denote that it is a hex value unless you are using a register or address pointer.

BlueForce
8th January 2005, 00:38
Ooooohhhhhhhhh, it makes sense now. Thanks :D *click, on goes the light* And if I understand then, if you want to set any address to a value, it must be in hex?

DyslexicCheater
8th January 2005, 02:34
Yes. Values being moved to an address not in the form of a register or address pointer must be in hex.

BlueForce
11th January 2005, 09:46
OK, so I have the pointer 5E7F394. Now I would do this to write the value? (I'm using your trainer on another game, if that's OK with you, just to see if I can learn to write memory.) Because this didn't work last time I tried it...

mdlMemWrite.MemPatch &H5E7F394, "CC07C9h"

This is supposed to write the value "13371337" but it just, like, doesn't work. Can you clear this up for me? Thanks

DyslexicCheater
11th January 2005, 20:07
Can you give me the actual asm instructions at that address? Ideally you want to hijack a mov instruction already in use placing a value at the address you want.

Also, I noticed that you have an extra h on the data ("CC07C9h"). That's incorrect. When I said that hex values needed to be followed by an h to denote that it is a hexadecimal value, I meant that in the instruction it should be followed by an h, not in the opcode data itself. For example, if you wanted to do the following code:

mov word ptr [esi+00678234], 1337h

The data for that would be:

66C786348267003713

In order to convert from instruction to opcode, there are 2 utilities I recommend: TSearch's EasyWrite and/or SoftICE's Assembler.

BlueForce
11th January 2005, 22:13
Well, I don't know asm (guess I should learn it) but I think this is what you mean:

Hmm... OK, the asm instructions I got were "50A7CD: mov ebx,[eax+0x38]"
Now, to defeat DMA I was told that you must subtract the 38 from the original value that you have found. So I did that. I came up with 5E7F394. If this isn't what you needed perhaps you can specify it more. Thanks :)

DyslexicCheater
12th January 2005, 00:12
I see what you mean now. But that's not necessarily true; The EAX register will not always be equal to the address you find through backtracing. You should make use of SoftICE and find out what the data in EAX is at the time of the breakpoint (As far as I know TSearch does not give this information). Now, I am pretty sure once you find that value, add 56 to it. The 0x38 you see is a byte, and thus is in hex notation. If you were to convert it to Decimal you would get 56. Now, when you add 56 to EAX, you get the address pointer to the value the game is moving into another register - ebx. It is pretty safe to assume that we don't need the pointer at all because the pointer is the source of the value to be moved, therefore we know the game is moving the value we want to change into ebx. Why not just move our custom value into ebx and let the game do the rest, instead of editing the pointer value which can be sloppy and messy?

Use this @ address 50A7CD:

mov ebx, 1388h

This will insert the value 5000 into the ebx register, which is where the game seems to be storing the value you want to change. So, let's open up TSearch's EasyWrite and make our trainer code.

Input this:

offset 50A7CD
mov ebx, 1388h

You should then get the following:

mdlMemWrite.MemPatch &H50A7CD, "BB88130000"
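Added example (Python, not code from the thread): how "mov ebx, 1388h" becomes the patch string "BB88130000" and back, for the two instruction forms the thread uses (nop and mov r32, imm32), with a length check that refuses a patch whose size differs from the instruction it replaces. The 3-byte length given for the thread's "mov ebx,[eax+0x38]" is my own encoding of that instruction, not something stated above.

```python
# Added example (Python, not code from the thread). Encodes and decodes the two instruction
# forms used above, nop (90) and mov r32, imm32 (B8 + register number, then the immediate
# little-endian), so a MemPatch string can be checked before it is written anywhere.
import struct

REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]  # x86 register numbering 0..7


def encode_mov_r32_imm32(reg: str, imm: int) -> bytes:
    """mov <reg>, imm32 -> 5 bytes: 0xB8 + register number, then imm32 in little-endian order."""
    if not 0 <= imm <= 0xFFFFFFFF:
        raise ValueError("immediate does not fit in 32 bits")
    return bytes([0xB8 + REG32.index(reg.lower())]) + struct.pack("<I", imm)


def encode_nops(count: int) -> bytes:
    """One 0x90 per byte of the instruction being removed (BlackDove's rule above)."""
    return b"\x90" * count


def to_mempatch_string(code: bytes) -> str:
    """Format bytes the way MemPatch expects its second argument, e.g. "BB88130000"."""
    return code.hex().upper()


def decode(code: bytes) -> list:
    """Disassemble the subset above. Returns (offset, length, text) per instruction and raises
    on anything else, so an unexpected byte is reported rather than silently skipped."""
    out, i = [], 0
    while i < len(code):
        b = code[i]
        if b == 0x90:
            out.append((i, 1, "nop"))
            i += 1
        elif 0xB8 <= b <= 0xBF and i + 5 <= len(code):
            (imm,) = struct.unpack_from("<I", code, i + 1)
            out.append((i, 5, f"mov {REG32[b - 0xB8]}, {imm:X}h"))
            i += 5
        else:
            raise ValueError(f"unsupported or truncated opcode 0x{b:02X} at offset {i}")
    return out


def check_patch(patch_hex: str, original_len: int) -> list:
    """Decode a MemPatch string and refuse it unless it is exactly original_len bytes.
    A longer patch overwrites the start of the next instruction; a shorter one leaves the
    tail of the old instruction behind, which the CPU then executes as garbage. The thread's
    "mov ebx,[eax+0x38]" is 3 bytes (8B 58 38, my own encoding), so the 5-byte replacement
    "BB88130000" would be refused here."""
    code = bytes.fromhex(patch_hex)
    if len(code) != original_len:
        raise ValueError(f"patch is {len(code)} bytes but the target instruction is {original_len}")
    return decode(code)


if __name__ == "__main__":
    print(to_mempatch_string(encode_mov_r32_imm32("ebx", 5000)))   # BB88130000
    print(decode(bytes.fromhex("BB88130000")))                       # [(0, 5, 'mov ebx, 1388h')]
    print(check_patch(to_mempatch_string(encode_nops(3)), 3))        # [(0, 1, 'nop'), (1, 1, 'nop'), (2, 1, 'nop')]
```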

BlueForce
12th January 2005, 02:20
I see, thanks man... I'll give it a try :D

Phenixer
12th January 2005, 03:02
That can probably send packets? But how?

DyslexicCheater
12th January 2005, 21:11
You would use the MemPatch function I created to patch the game's memory and hook the Send() and/or SendTo() functions of the game.

The proper way to hook a function via memory patching like this is to use the push/pushad instructions to give the call its parameters (adding things to the stack), then use the call instruction. After that, use pop/popad instructions to remove things from the stack.

Spontaneous
16th January 2005, 14:49
This is not bad. But really, people need to understand the ASM part to move on.

Might I suggest getting a program called OllyDbg. It's a bit better than SoftICE. With OllyDbg you can load any program into memory and look at the ASM coding of that program. From here you can do many things.

Now for tracking down what address is doing what, might I suggest using T-Search. This allows you to search for values in the memory, in which once you find the address that stores the value you want, you can use the Auto-Hack/Debugger to do a breakpoint on that address. Now what a breakpoint does is find all the pieces of ASM code (the code you see with OllyDbg) that access that memory address (that you found with T-Search).

You could also do some of the VB coding a little bit better but I won't go into that. I soon will be releasing a trainer template that might work a little better. Still, the coding here is not bad.


There is one thing I do have to say though. Don't post code unless it's your own coding. The coding posted above is actually from someone else's trainer template. How do I know? I've seen most of the templates. I have a very advanced trainer for the Battlefield series. Don't try and take credit for something you didn't know, as the staff of the MPC forums will notice.

DyslexicCheater
18th January 2005, 05:11
I wrote that without any "templates", Spontaneous. Of course, such an accusation is understandable; the above method is practically universal among VB trainers because it is the simplest and most obvious way of creating a trainer that writes to a game's memory.

The functions for it came straight from an ActiveX plugin I wrote to make it easier and quicker to write trainers.

KingSling
29th January 2005, 21:04
very nice thank you

ourfiend
6th February 2005, 19:27
Here is some source that is very easy to use to make a trainer. There is no need to edit the module code, and the form code is pretty much self-explanatory.

MODULE
Public Const PROCESS_ALL_ACCESS = &H1F0FFF

Public Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hWnd As Long, lpdwProcessId As Long) As Long
Public Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Public Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Long, ByVal lpBuffer As Long, ByVal nSize As Long, lpNumberOfBytesRead As Long) As Long
Public Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal Classname As String, ByVal WindowName As String) As Long
Public Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Public Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Private Declare Function EnumProcesses Lib "PSAPI.DLL" (ByRef lpidProcess As Long, ByVal cb As Long, ByRef cbNeeded As Long) As Long
Private Declare Function GetModuleFileNameExA Lib "PSAPI.DLL" (ByVal hProcess As Long, ByVal hModule As Long, ByVal ModuleName As String, ByVal nSize As Long) As Long
Private Declare Function EnumProcessModules Lib "PSAPI.DLL" (ByVal hProcess As Long, ByRef lphModule As Long, ByVal cb As Long, ByRef cbNeeded As Long) As Long
Private Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (ByVal lpDst As Long, ByVal lpSrc As Long, ByVal ByteLen As Long)

Private Const PROCESS_QUERY_INFORMATION As Long = 1024 ' &H400
Private Const PROCESS_VM_READ As Long = 16 ' &H10
Private Const MAX_PATH As Long = 260

' Reads BytesToRead bytes at lpAddress from an already open process into ReturnBuffer.
' Returns the number of bytes actually read (0 on failure); ReturnBuffer is resized to fit.
Public Function ReadMemory(hProcess As Long, lpAddress As Long, ReturnBuffer() As Byte, BytesToRead As Long) As Long

Dim rBytes As Long

ReDim ReturnBuffer(BytesToRead - 1)
If ReadProcessMemory(hProcess, lpAddress, VarPtr(ReturnBuffer(0)), BytesToRead, rBytes) = 0 Then rBytes = 0
If rBytes > 0 Then ReDim Preserve ReturnBuffer(rBytes - 1)
ReadMemory = rBytes

End Function

' Same as ReadMemory, but takes a window handle: looks up its process, opens it, reads, and closes the handle again.
Public Function ReadMemory2(lHwnd As Long, lpAddress As Long, ReturnBuffer() As Byte, BytesToRead As Long) As Long

Dim pId As Long, hProc As Long
Call GetWindowThreadProcessId(lHwnd, pId)
hProc = OpenProcess(PROCESS_ALL_ACCESS, False, pId)

If (hProc) Then
ReadMemory2 = ReadMemory(hProc, lpAddress, ReturnBuffer, BytesToRead)
CloseHandle hProc
End If
End Function

' Finds the game by its window title, opens its process and writes buffer() at Address.
Public Function WriteBytes(ByVal WndText As String, ByVal Address As Long, ByRef buffer() As Byte) As Boolean
WriteBytes = False

Dim hWnd As Long, pId As Long, hProc As Long, lWritten As Long
hWnd = FindWindow(vbNullString, WndText) ' WndText is the window title, so it goes in the second parameter
If (hWnd) Then
Call GetWindowThreadProcessId(hWnd, pId)
hProc = OpenProcess(PROCESS_ALL_ACCESS, False, pId)

If (hProc) Then
If WriteProcessMemory(hProc, Address, buffer(0), (UBound(buffer) + 1), lWritten) <> 0 Then WriteBytes = True
Call CloseHandle(hProc)
End If
End If
End Function

' Same as WriteBytes, but takes a window handle you already have instead of a title.
Public Function WriteBytes2(ByVal l_Hwnd As Long, ByVal Address As Long, ByRef buffer() As Byte) As Boolean
WriteBytes2 = False

Dim pId As Long, hProc As Long, lWritten As Long
If (l_Hwnd) Then
Call GetWindowThreadProcessId(l_Hwnd, pId)
hProc = OpenProcess(PROCESS_ALL_ACCESS, False, pId)

If (hProc) Then
If WriteProcessMemory(hProc, Address, buffer(0), (UBound(buffer) + 1), lWritten) <> 0 Then WriteBytes2 = True
Call CloseHandle(hProc)
End If
End If
End Function

' Walks the process list and returns an open handle (query + read access) to the first process whose
' main module path contains EXEName, or 0 if none matches. The caller owns the handle and must CloseHandle it.
Public Function GetProcessByName(ByVal EXEName As String) As Long

Dim cb As Long
Dim cbNeeded As Long
Dim NumElements As Long
Dim ProcessIDs() As Long
Dim cbNeeded2 As Long
Dim Modules(1 To 200) As Long
Dim ModuleName As String
Dim hProcess As Long
Dim i As Long

cb = 8
cbNeeded = 96

' Grow the PID buffer until EnumProcesses reports that it did not need all of it.
Do While cb <= cbNeeded
cb = cb * 2
ReDim ProcessIDs(cb / 4) As Long
EnumProcesses ProcessIDs(1), cb, cbNeeded
Loop
NumElements = cbNeeded / 4

For i = 1 To NumElements
hProcess = OpenProcess(PROCESS_QUERY_INFORMATION Or PROCESS_VM_READ, 0, ProcessIDs(i))

If hProcess <> 0 Then
' cb is a byte count: 200 module handles of 4 bytes each.
If EnumProcessModules(hProcess, Modules(1), 200 * 4, cbNeeded2) <> 0 Then
ModuleName = Space(MAX_PATH)

' The buffer is MAX_PATH characters, so never tell the API it is larger than that.
If (InStr(1, Left$(ModuleName, GetModuleFileNameExA(hProcess, Modules(1), ModuleName, MAX_PATH)), EXEName) > 0) Then
GetProcessByName = hProcess
Exit Function
End If

End If
CloseHandle hProcess
End If

Next

End Function

FORM:
Private Const m_cheatname1_Code_Location As Long = &HADDRESS ' the mem address goes here. E.g 12345

Private Sub cmdCheat1_Click()

Dim buffer(2) As Byte ' upper bound 2 = three bytes; edit accordingly
buffer(0) = &H1
buffer(1) = &H2
buffer(2) = &H3

If WriteBytes("GAME WINDOW NAME", m_cheatname1_Code_Location, buffer()) = True Then
MsgBox "The Cheat Was Enabled " & vbCrLf & "<Cheat Name> is now on ", vbInformation, "Done"
Else
MsgBox "Cheat Could not be enabled! " & vbCrLf & "Please check that <game> is currently running!", vbCritical, "ERROR"
End If
End Sub

Private Sub cmdExit_Click()
End
End Sub

KingSling
6th March 2005, 01:26
Wait, will this stop me from losing my memory? Like, is this going off code instead of memory?

kpoch
1st June 2006, 23:39
OK, I downloaded the code but every time I change WindowName I get an error.
And how can I freeze an address at 0 or 1, for example?

I have this address+pointer:

40522D (address) + 323 (pointer)

Result address: 40545f (correct me if I'm wrong)

Now the value I need to freeze is 0

40545f @ 0

How do I do this with the source?

tonyweb
13th September 2006, 09:53
Above All. Thanks for sharing your knowledge.

I would like to download DyslexicCheater's source code (or at least see a screenshot :) ) but, at least for me, site is not accessible.

Please repost or reactivate. Thank you.

learn_more
18th September 2006, 19:06
OK, I downloaded the code but every time I change WindowName I get an error.
And how can I freeze an address at 0 or 1, for example?

I have this address+pointer:

40522D (address) + 323 (pointer)

Result address: 40545f (correct me if I'm wrong)

Now the value I need to freeze is 0

40545f @ 0

How do I do this with the source?


You have to use a timer and place the value you want in memory two or three times a second (for example, depending on the game).

Above All. Thanks for sharing your knowledge.

I would like to download DyslexicCheater's source code (or at least see a screenshot :) ) but, at least for me, site is not accessible.

Please repost or reactivate. Thank you.


Think the files got lost in the defacement?
Your best bet is to send a PM to DyslexicCheater.


//


@DyslexicCheater:

NEVER EVER use the End statement!
It is the same as ending the process in the task manager.
If you have multiple forms and need to unload them all,
use this code:
Dim i As Long
For i = Forms.Count - 1 To 1 Step -1
Unload Forms(i)
Next

Digital
25th September 2006, 04:00
Thanks for the source code...

tonyweb
27th September 2006, 13:25
[...]

Think the files got lost in the defacement?
Your best bet is to send a PM to DyslexicCheater.



Thanks for this hint.
:)

steven64464
23rd October 2006, 22:45
Hi, this write-to-memory-address code in this thread is really good and I seem to be able to use it a bit.

But what's the code to actually read a memory address into your own program? I want to be able to collect data from a game I'm playing for advanced tactical purposes ;-)

Can anyone help?

Steve

learn_more
23rd October 2006, 23:20
Take a look at this API:

Private Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long

It should do what you want.

steven64464
24th October 2006, 01:49
Yeah, I noticed that but I don't notice any usage/example code.

I guess I'm a complete noob in this area but I know how to notice code and its functions sometimes. I know how to kind of hammer snippets of code together to make it do what I want, but it helps to have an example to work with...


Steve

learn_more
24th October 2006, 01:58
lol, have you thought about Google?

The first 5 hits gave at least 2 samples and one explanation for a total debugger....

anyway:


'You Need a button (Command1).
' MaRiŲ G. Serrano. 16/Abril/2002.-
Private Const PROCESS_ALL_ACCESS As Long = &H1F0FFF
Private Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hWnd As Long, lpdwProcessId As Long) As Long
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Private Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Private Declare Function WriteString Lib "kernel32" Alias "WriteProcessMemory" (ByVal hProcess As Long, ByVal lpBaseAddress As Any, ByVal lpBuffer As Any, ByVal nSize As Long, ByVal lpNumberOfBytesWritten As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
'Private Declare Function WriteValue Lib "kernel32" Alias "WriteProcessMemory" (ByVal hProcess As Long, ByVal lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, ByVal lpNumberOfBytesWritten As Long) As Long

Private Sub Command1_Click()
Dim str As String, MyString As String
MyString = "HELLO"
'in this case I read the memory of my own process
MsgBox "MyString= " & MyString

str = ReadMemory(Me.hWnd, StrPtr(MyString), LenB(MyString), "BYE!!")

MsgBox "Now, MyString=" & MyString & vbCr & "Old Value= " & str

End Sub
Private Function ReadMemory(hWnd As Long, Address As Long, Bytes As Long, Optional strReplaceWith As String) As String
'Reads a VB string (2 bytes per character) out of the process, keeping the low byte of each
'character, so it only round-trips ASCII text. Optionally overwrites it with strReplaceWith.
On Error Resume Next
Dim pId As Long ' Used to hold the Process Id
Dim pHandle As Long ' Holds the Process Handle
Dim bytValue As Long 'Stores the value of a byte in the memory
Dim i As Long

' Get the ProcId of the Window
GetWindowThreadProcessId hWnd, pId

' use the pId to get a handle
pHandle = OpenProcess(PROCESS_ALL_ACCESS, False, pId)

If (pHandle = 0) Then
'MsgBox "Unable to open process!"
Exit Function
End If
If Address = 0 Then Exit Function

For i = 1 To Bytes Step 2
' Read Byte to Byte
ReadProcessMemory pHandle, Address + i - 1, bytValue, 1, 0&
'value now contains the long value of the byte located in [Address + i - 1] pos.
'ReadMemory is a string...

ReadMemory = ReadMemory & Chr$(bytValue)
Next
'to write numeric values you can ..(Must) use WriteValue API
If LenB(strReplaceWith) <> 0 Then
'No Unicode!!
WriteString pHandle, Address, StrPtr(strReplaceWith), LenB(strReplaceWith), 0&
End If
'Close the Handle
CloseHandle pHandle
End Function

steven64464
24th October 2006, 03:07
I've been going nuts over Google to try to find something relevant in VB but come up with examples that don't work etc. The above example kind of works.

Edit:

Well, I've managed to understand bits of the above code; however, I couldn't adapt it to read memory from an address only.

I wanted it to read address &HB7CE50 from PID 2784 (changes, I know) and then display it in a msgbox.

If anyone could give me the code I need I'd be very grateful :-)
Sorry if I'm annoying, it's just I'm trying to make a new program addon for GTA SA. If I'm successful it should be a great app for clans/goon squads...

steve

learn_more
24th October 2006, 08:48
I've been going nuts over Google to try to find something relevant in VB but come up with examples that don't work etc. The above example kind of works.

Edit:

Well, I've managed to understand bits of the above code; however, I couldn't adapt it to read memory from an address only.

I wanted it to read address &HB7CE50 from PID 2784 (changes, I know) and then display it in a msgbox.

If anyone could give me the code I need I'd be very grateful :-)
Sorry if I'm annoying, it's just I'm trying to make a new program addon for GTA SA. If I'm successful it should be a great app for clans/goon squads...

steve

What kind of data are you trying to read: strings, longs, ints, byte arrays or so?

steven64464
24th October 2006, 16:52
Well, "TSearch" refers to them as "Type 4 Bytes" and returns a number value.

Steve

learn_more
24th October 2006, 17:23
Well, "TSearch" refers to them as "Type 4 Bytes" and returns a number value.

Steve

That would be a long.

Because I'm in a good mood:

Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Private Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long

Private Const PROCESS_ALL_ACCESS As Long = &H1F0FFF


Private Function ReadMemoryLong(pID As Long, Address As Long) As Long
On Error Resume Next
Dim pHandle As Long ' Holds the Process Handle
If Address = 0 Then Exit Function 'don't try to read from address 0!
pHandle = OpenProcess(PROCESS_ALL_ACCESS, False, pID) 'open a handle to the process
If (pHandle = 0) Then 'something went wrong :(
Exit Function
End If
ReadProcessMemory pHandle, Address, ReadMemoryLong, 4, 0&
CloseHandle pHandle
End Function

steven64464
24th October 2006, 18:55
Hope you're still in a good mood, because what's the usage code bit? ;-)

Sorry if I've been so annoying; it's been ages since I've been programming. Since MS dumped it and replaced it with a fake version called VB.NET it's kind of been hard to get help and stuff....

On the plus side, if I manage to make the larger program you get your name in the Help>About screen for helping me :D hehe

Steve

learn_more
24th October 2006, 19:27
What's the usage code bit? ;-)

Can you explain that? I'm not sure what you are trying to ask...

steven64464
24th October 2006, 20:43
Can you explain that? I'm not sure what you are trying to ask...

Well, the command within the program to access the mem read is:

ReadMemoryLong

After ReadMemoryLong you have to add stuff like the PID, then the address, but in what format/style? Do you get what I mean? Can you show me an example of how to summon a piece of data from an address using that command for this source example?

Hope you get what I mean.

Steve

learn_more
24th October 2006, 20:53
How to use this function is basic knowledge, but here you go:

Dim tmpPid As Long
Dim cheatAddress As Long
Dim retValue As Long
'add your calculations here to get the pid, assign it to tmpPid
'add your calculations here to get the address of the cheat, assign it to cheatAddress
'of course you can also replace
'Dim cheatAddress As Long
'with something like:
'Const cheatAddress As Long = &H40000
retValue = ReadMemoryLong(tmpPid, cheatAddress)


I didn't check the code, so there could be small typos in this piece of code.

steven64464
24th October 2006, 23:59
that code seems to work great :-D thanks a lot, I'm gonna be screwing around with GTA for a bit now, if I get stuck again, which I doubt, I'll know who to bug :) so thanks again :-)

Steve

steven64464
28th October 2006, 20:00
hi, I'm back again :-D, I've been successful in forming my trainer app but now I've come across an issue of getting certain memory values that are "Float". The code I was given doesn't cover that and I'm wondering, can VB6 do it? And if so I need help with basic code again (sorrys)

Steve

learn_more
28th October 2006, 21:06
hi, I'm back again :-D, I've been successful in forming my trainer app but now I've come across an issue of getting certain memory values that are "Float". The code I was given doesn't cover that and I'm wondering, can VB6 do it? And if so I need help with basic code again (sorrys)

Steve

hi steve,

only a few changes to the code,
you can copy the function we used before, and change these things:

the name (the name of the function is used in the readprocessmemory also, don't forget it)
the return type (was long, should be Single)
the number of bytes to read from memory, was 4 needs to be 6

steven64464
29th October 2006, 20:43
thanks for the instructions :-) haven't got around to testing it yet cos the program I'm putting this all into is a mess at all ends, it's a bit of a nightmare to be honest but I will be using your code :)

thanks again

Steve

steven64464
30th October 2006, 21:01
so the new code would be something like

Private Function ReadMemoryfloat(pID As Long, Address As Single) As Long
On Error Resume Next
Dim pHandle As Long ' Holds the Process Handle
If Address = 0 Then Exit Function 'don't try to read from address 0!
pHandle = OpenProcess(PROCESS_ALL_ACCESS, False, pID) 'open a handle to the process
If (pHandle = 0) Then 'something went wrong :(
Exit Function
End If
ReadProcessMemory pHandle, Address, ReadMemoryLong, 6, 0&
CloseHandle pHandle
End Function


then I use this code to try to access this function:



Private Sub Command5_Click()
tmpPid = PIDD
cheatAddress = &HC5F5DB4
retValue = ReadMemoryfloat(tmpPid, cheatAddress)
money = Text1

End Sub



I get an error from it, I'm useless at debugging code at this level :-(

learn_more
30th October 2006, 21:10
so the new code would be something like
...

then I use this code to try to access this function:

....


I get an error from it, I'm useless at debugging code at this level :-(


no, your code doesn't look like that,
I said change the return type to Single
you changed the address to Single
it is more like this:


Private Function ReadMemoryfloat(pID As Long, Address As Long) As Single
On Error Resume Next
Dim pHandle As Long ' Holds the Process Handle
If Address = 0 Then Exit Function 'don't try to read from address 0!
pHandle = OpenProcess(PROCESS_ALL_ACCESS, False, pID) 'open a handle to the process
If (pHandle = 0) Then 'something went wrong :(
Exit Function
End If
ReadProcessMemory pHandle, Address, ReadMemoryfloat, 4, 0& 'a Single is 4 bytes wide; asking for 6 would write past the return variable
CloseHandle pHandle
End Function


also the address looks wrong to me?
are you sure it is the correct address?



the code to call it is not too clear...

first of all, at the top of ALL forms and modules and crap
type "Option Explicit"
(without quotes)

it will force you to declare ALL variables.
this way you will get no strange errors when you mistype a variable,


then declare all vars used like this:




Private Sub Command5_Click()
Dim tmpPid As Long
Dim cheatAddress As Long 'declared too, otherwise Option Explicit rejects it
Dim retValue As Single
tmpPid = PIDD
cheatAddress = &HC5F5DB4
retValue = ReadMemoryfloat(tmpPid, cheatAddress)
money = Text1

End Sub




I get an error from it, I'm useless at debugging code at this level :-(
now that is a clear description.....

error number, description and on what line...

steven64464
30th October 2006, 23:13
I get an error in function "Private Function ReadMemoryfloat"

on line
ReadProcessMemory pHandle, Address, ReadMemoryLong, 6, 0&

:argument not optional on word "ReadMemoryLong"

when trying to read address 0xC5F5DB4 (not familiar with this address format) I don't get any value returned, probably cos of the poor correction attempts I made on the code....

Steve

learn_more
30th October 2006, 23:28
lol what about changing ReadMemoryLong on that line also to ReadMemoryFloat

steven64464
30th October 2006, 23:38
well, thinking it was right to do that, I did so anyway to see what the result was before I said about the error. I wasn't sure if I did right or wrong but the code wouldn't return any value from 0xC5F5DB4, how do I enter that into the code?

cheatAddress = 0xC5F5DB4 - invalid
cheatAddress = &H0xC5F5DB4 - invalid
cheatAddress= &HC5F5DB4 - valid but returns no value

sorry if I'm really annoying...

Steve

learn_more
6th January 2007, 17:47
well, thinking it was right to do that, I did so anyway to see what the result was before I said about the error. I wasn't sure if I did right or wrong but the code wouldn't return any value from 0xC5F5DB4, how do I enter that into the code?

cheatAddress = 0xC5F5DB4 - invalid
cheatAddress = &H0xC5F5DB4 - invalid
cheatAddress= &HC5F5DB4 - valid but returns no value

sorry if I'm really annoying...

Steve


hey steve, long time since I checked here

&HC5F5DB4 is the correct way to have a hex value in VB, you should check the address to make sure it is correct!

Nikos^
6th July 2007, 23:04
is this kind of hacking working?
I was making a trainer for BF2: searched for the address and, with BF2 open, made the trainer.
the trainer worked but after I restarted BF2 the trainer doesn't work anymore.

another question: what is the best program to make programs with VB6?

Thanks for help.

sorry for my bad English!

learn_more
6th July 2007, 23:18
ofc it is not working, we are talking complete bullshit here....



and for the thing not working anymore,
look for tutorials about DMA,
in short: the data is stored in a new place every time you start BF2, so you have to search for the functions that change the data, and see what they are reading


and the best program to make programs with VB6?
lol that should be.... VB6

Nikos^
6th July 2007, 23:53
ok but where can I download that?

[EDIT] Visual Studio 6.0???

I have now MVB2005EE but that is for vb.net
I want to do something easier like VB6.

thanks!!

[EDIT]

another question: you said you have to search for the function that changes the data. is a debugger the only way to find that?
if that is true there is no way to hack BF2 because you can't attach debuggers to BF2. or are there debuggers that can?

Thanks!

esand15
8th July 2007, 01:38
another question: you said you have to search for the function that changes the data. is a debugger the only way to find that?
if that is true there is no way to hack BF2 because you can't attach debuggers to BF2. or are there debuggers that can?

Thanks!

It tricks Windows into thinking it's already being debugged, so you won't be able to attach a debugger.

Here's a tutorial by Faldo on how to get around it
http://www.mpcforum.com/showthread.php?t=96339

Nikos^
8th July 2007, 14:01
ok thanks!!

HacKappa
11th May 2008, 18:54
the link is not valid :(

Holz
11th May 2008, 19:05
The one in the first post?

Well, the code for the form and the module was posted, you should be able to create a new project yourself.

HacKappa
11th May 2008, 22:03
ah I thought there was more in the zip

I want to add 10000 points at solitaire

Asm:

10030B8: mov [esi+0x30],eax

On TSearch EasyWrite:

offset 10030B8
mov [esi+0x30], 2710h

what do I write instead of [esi+0x30]?

can you explain to me the meaning of:


If mdlMemWrite.DetectGame(Me.txtWindowName.Text) = True Then


where do I put the name of the window?

thx

HacKappa
12th May 2008, 17:57
up
:(