GameTrainer: A Tool to Train Games

• Download source and demo project - 33.05 KB

Introduction

With the aid of few Windows API calls, it is easy to read and write the memory of other running processes. By monitoring the memory of such processes, it is easy to detect where memory locations contain peculiar variables in games (bullets, gold, lives, etc.); as soon as the variable is found, it can be overridden with a new value.

The functioning of the program is very easy and with it, a gamer can obtain the desired amount of these elements.

Background

Windows provides programmers with few APIs that are useful to access for reading and writing the memory of another running process: the following paragraph shows the used APIs and how platform invoke is employed in order to use them in C#.

// Used to read the memory of a process
[DllImport("Kernel32.dll")]    
public static extern bool ReadProcessMemory
	(IntPtr hProcess, IntPtr lpBaseAddress, byte[] buffer, 
	UInt32 size, ref IntPtr lpNumberOfBytesRead);
    
// Used to open process for reading and writing memory 
[DllImport("kernel32.dll")]
public static extern IntPtr OpenProcess(UInt32 dwDesiredAccess, 
	bool bInheritHandle, UInt32 dwProcessId);

// Used to close the process    
[DllImport("kernel32.dll")]    
public static extern Int32 CloseHandle(IntPtr hObject);

// Used to write into the memory of a process    
[DllImport("kernel32.dll")]    
static extern bool WriteProcessMemory(IntPtr hProcess, 
	IntPtr lpBaseAddress, byte[] lpBuffer, Int32 nSize, 
	out IntPtr lpNumberOfBytesWritten);

Using the Program

The functioning principle of GameTrainer is very simple: it is based upon the fact that during a game certain game, variables (like bullets, lives, gold, etc.) change their value; by monitoring this value during a gameplay, it is easy to detect where these variable are stored in memory. Once the memory location is found, its value can be changed as desired. The graph here below shows the procedure a gamer should use to accomplish this task.

The sequence to follow is very easy and evolves through the steps shown in the flow chart. During the game, the user must choose the variable to monitor (for example, the amount of gold). At this point, the game must be paused and GameTrainer must be launched and it must be commanded to search for the quantity of gold present in the game (like in the picture below): in the value textbox, the user should put the amount to search. The length combobox shows three values (1, 2 and 4): this value indicates how many bytes are needed to store the variable to search. In this case, 2 has been chosen since 1000 needs two bytes to be stored.

When the search button is pressed, the memory is searched for the requested value; after few moments (when the memory search has finished), the following form is shown:

It means that to find the variable, the user has to refine the search: in other words, he has to resume the game and stop a little later until the variable changes (in the example, the new variable to search is 1001). When finally the variable is found, the shown form is the following one: it shows the memory location and presents a combobox where the user can choose the new value for his variable !

History

• 6^th May, 2007: Version 1.0