Previously I have shown you how to create a C++ CLI .dll file so that you can easily make a GUI for your .dll files. In this blog, I will be showing off how to use this .dll file to manipulate a game’s memory and create a “trainer” or cheat tool. Just as before, if I mention a concept that has a long explanation, chances are I will have the documentation or video guide linked below this blog. With that being stated, let's get coding.
Some Quick Additions
Before we continue with part two of “Creating and Using a C++ CLI .dll” I have to note that I have made some additions to the project. Today I will be showing you how to read from and write to memory using our .dll file. Before we can do this we must add a few files: “Memory.cpp”, “Memory.h”, and “Scanner.h”. Essentially these files allow us to read from a specific address or pointer in an application's memory, and also to write to an address.
You can read more about the “Memory::WriteMemory” function here: https://docs.microsoft.com/en-us/windows/win32/api/memoryapi/nf-memoryapi-writeprocessmemory.
You can read more about the “findPattern” function here: https://guidedhacking.com/threads/findpattern-signature-scan.9967/
Using Our Memory and Scanner
Now that we have the files “Memory.cpp”, “Memory.h”, and “Scanner.h” created we need to include them in our MyForm.h as seen below so we have access to their functions.
After including these files we can define our memory “begin” and “end” as well as define our “memory” and “scanner” functions, as shown in the following picture.
Setting the value of dwBegin and dwEnd may be specific to your situation. In my case, the game’s memory I want to mess around with starts at address 0x4000000. For DLLs the default ImageBase is 0x400000, which can be read about here: https://docs.microsoft.com/en-us/previous-versions/ms809762(v=msdn.10)?redirectedfrom=MSDN
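As an added example (not the post’s own Memory/Scanner code), here is a self-contained C++ version of the masked signature scan that a findPattern routine performs, run over a constructed byte buffer that stands in for the dwBegin..dwEnd range; the region bytes, the C7 05 marker and the function names are all constructed for illustration. The same primitive underlies defensive signature scanning of process memory, which is why the bounds checks matter as much as the match loop.

```cpp
#include <cstdint>
#include <cstring>
#include <iostream>
#include <vector>

// Hypothetical stand-in for the Scanner.h findPattern the post links to. Scans [begin, end)
// for `pattern`; '?' in `mask` matches any byte, 'x' requires an exact match. First hit or nullptr.
const uint8_t* findPattern(const uint8_t* begin, const uint8_t* end,
                           const uint8_t* pattern, const char* mask) {
    const size_t patLen = std::strlen(mask);
    if (!begin || !end || patLen == 0 || begin >= end) return nullptr;
    const size_t rangeLen = static_cast<size_t>(end - begin);
    if (patLen > rangeLen) return nullptr;  // pattern cannot fit inside the range
    for (size_t i = 0; i + patLen <= rangeLen; ++i) {
        size_t j = 0;
        while (j < patLen && (mask[j] == '?' || begin[i + j] == pattern[j])) ++j;
        if (j == patLen) return begin + i;
    }
    return nullptr;
}

// Constructed sample "memory region" standing in for the dwBegin..dwEnd range.
// The bytes are made up; the little-endian dword 1 after the C7 05 xx xx xx xx
// marker plays the role of the hitbox value the post reads and writes.
std::vector<uint8_t> makeSampleRegion() {
    return {0x90, 0x90, 0x55, 0x8B, 0xEC,
            0xC7, 0x05, 0x10, 0x20, 0x30, 0x40,  // mov dword [addr], imm32 marker
            0x01, 0x00, 0x00, 0x00,              // imm32 = 1 (the value we care about)
            0xC3, 0x90};
}

// Offset of the first match from the region start, or -1 when absent (a scanner hit
// is likewise taken relative to dwBegin in the post).
long findOffset(const std::vector<uint8_t>& region, const uint8_t* pattern, const char* mask) {
    const uint8_t* hit = findPattern(region.data(), region.data() + region.size(), pattern, mask);
    return hit ? static_cast<long>(hit - region.data()) : -1;
}

// Read the dword after "C7 05 ?? ?? ?? ??"; -1 if the signature is missing or truncated,
// so the caller never reads past the scanned range.
int32_t readValueAfterSignature(const std::vector<uint8_t>& region) {
    const uint8_t pattern[] = {0xC7, 0x05, 0, 0, 0, 0};
    long off = findOffset(region, pattern, "xx????");
    if (off < 0 || static_cast<size_t>(off) + 6 + 4 > region.size()) return -1;
    int32_t value;
    std::memcpy(&value, region.data() + off + 6, sizeof value);  // no unaligned deref
    return value;
}

int main() {
    std::cout << "hitbox value: " << readValueAfterSignature(makeSampleRegion()) << "\n";  // 1
}
```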
Making A Few Visual Changes
In the first blog on this subject, I showed off a .dll file that has a simple WindowsForm and Button on that WindowsForm.
For the purpose of this tutorial, we are going to change the WindowsForm a bit so that we can have a button that will write to the game’s memory as well as a textbox to read from the game’s memory.
To better explain how this works, I have named the buttons after what they will do. “Read Memory” will use our “Scanner” to scan the memory at a specific address and return the value at that address in our textbox. “Write Memory” will take the value that we type into the textbox and set the game’s memory address value to that value. “Reset Memory” will essentially just set the value back to what it was before we messed with it.
Adding The Functionality
Just like in the past, even though we added some new buttons and a textbox, the program won’t automatically work or know what you want to do with it. To fix this we need to add code so that when the buttons are pressed, something will happen.
When button1 is pressed, the textbox will be filled with our character’s hitbox value and a message box will appear stating that we should see the hitbox value now. When button2 is pressed, the value we typed in the textbox should be written to the game’s memory and our character’s hitbox value will change to that. When button3 is pressed, the game’s memory should be set back to the original value.
Now when we try to compile this we should be able to build the .dll file with no errors and then inject it into our game.
Testing Our Tool
Using a debugger on the hitbox’s address, we can see the value is currently 1. That means, when we press our “Read Memory” button, our textbox should show the value of 1. Let's see if this is true!
Now let's try to change the value from 1 to a bigger number and press our “Write Memory” button and see if anything happens.
Once again using a debugger to double-check our work, we see that the value changed to 10 after we typed 10 into the textbox and pressed our “Write Memory” button. So why doesn’t our character look any different? Well, you might have noticed that our character is standing at a different angle. I turned the character so that you could see a before and after picture. If I turn my character downwards or towards the screen, this happens:
Woah! Our character’s textures are almost completely missing and he is stretched across the screen now. Let’s see if we can use our “Reset Memory” button to change him back to normal…
In conclusion, we’re able to update our C++ CLI .dll file in order to turn it into a working game trainer/cheat tool. Obviously, this isn’t the extent of what you can do with C++ CLI .dll files but it is still a good start and an easier way to make visuals for your tools.
WriteProcessMemory function (memoryapi.h) - Win32 apps: Writes data to an area of memory in a specified process. The entire area to be written to must be accessible or the…
Peering Inside the PE: A Tour of the Win32 Portable Executable File Format, Matt Pietrek, March 1994: Matt Pietrek is the author of Windows Internals (Addison-Wesley, 1993). He works at Nu-Mega…