Bypassing Xtrap (Source) Part 1
I have seen and admired the people who have been making hacks, and the methods you used before are still in use, changing only
the way the strings detected by X-TRAP are bypassed (in my case it was GameGuard).
Today I will show you the first code we used.
Writing to memory:
First, you can use this code either in a DLL or in a standalone EXE of your own (there is no need to inject a DLL).
~ ~ Declare variables:
Quote:
Var
  Pid: Integer;
  Pidhandle: THandle;
I will explain them one by one:
Pid is the process ID (PID) of the target; we need it to ask Windows for a handle to the process.
Pidhandle is similar but not the same thing: it is the handle that OpenProcess returns for that PID, and it is what WriteProcessMemory actually takes.
At this point both are 0 because we have not used them yet.
~ ~ Create a constant
Quote:
Const
  process = 'Process.exe';   // name of the target executable
Now the program knows which process the memory edits will happen in (replace the name with the target's executable name).
Finding the PID of the program:
Quote:
function GetID(Const ExeFileName: string; var ProcessId: integer): boolean;
var
  ContinueLoop: BOOL;
  FSnapshotHandle: THandle;
  FProcessEntry32: TProcessEntry32;
begin
  // needs Windows, TlHelp32 and SysUtils in the uses clause
  result := false;
  FSnapshotHandle := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
  if FSnapshotHandle = INVALID_HANDLE_VALUE then
    Exit;
  FProcessEntry32.dwSize := Sizeof(FProcessEntry32);
  ContinueLoop := Process32First(FSnapshotHandle, FProcessEntry32);
  while integer(ContinueLoop) <> 0 do begin
    // compare both the bare file name and the full szExeFile, case-insensitively
    if (StrIComp(PChar(ExtractFileName(FProcessEntry32.szExeFile)), PChar(ExeFileName)) = 0)
      or (StrIComp(FProcessEntry32.szExeFile, PChar(ExeFileName)) = 0) then begin
      ProcessId := FProcessEntry32.th32ProcessID;
      result := true;
      break;
    end;
    ContinueLoop := Process32Next(FSnapshotHandle, FProcessEntry32);
  end;
  CloseHandle(FSnapshotHandle);
end;
Now pay particular attention to this line:
Quote:
function GetID(Const ExeFileName: string; var ProcessId: integer): boolean;
The function takes the executable name and the PID variable you declared; it returns True and fills in ProcessId when a process with that name is found, and False otherwise.
Now let's create a button that calls it:
Quote:
procedure TForm1.Button1Click(Sender: TObject);
begin
  if GetID(process, Pid) then
    ShowMessage(IntToStr(Pid));
end;
Now you have your function GetID!
~ ~ Writing to memory
Quote:
WriteProcessMemory(Pidhandle, Pointer(Address), @NewValue, Data, Written);
WriteProcessMemory (WPM) needs the process handle, the target address, a pointer to the new value, the number of bytes to write (Data), and a variable that receives the number of bytes actually written (Written). It returns False if the write fails, so check its result. Declare this:
Quote:
Var
  Address: Cardinal;
  NewValue: Integer;
  Data: Cardinal;
  Written: Cardinal;
Remember that Data must match the size of the value you are writing:
Quote:
byte = 1 byte
word = 2 bytes
cardinal = 4 bytes
So far so good, but how do we get the Pidhandle?
~ ~ OpenProcess
We will use OpenProcess() to get the Pidhandle. It returns 0 if the handle could not be opened (for example, access denied), so check for that before writing. PROCESS_ALL_ACCESS is more than WriteProcessMemory needs; PROCESS_VM_WRITE or PROCESS_VM_OPERATION are enough to write, but we use PROCESS_ALL_ACCESS here to keep it simple.
Quote:
Pidhandle := OpenProcess(PROCESS_ALL_ACCESS, False, Pid);
Complete code
Quote:
Var
  Pid: Integer;
  Pidhandle: THandle;   // 0 when OpenProcess fails
  Address: Cardinal;
  NewValue: Integer;
  Data: Cardinal;       // number of bytes to write
  Written: Cardinal;    // bytes actually written, filled in by WriteProcessMemory

procedure TForm1.Button1Click(Sender: TObject);
begin
  Address := $04000000;
  NewValue := 666;
  Data := SizeOf(NewValue);   // 4 bytes for an Integer
  if GetID(process, Pid) then
  begin
    Pidhandle := OpenProcess(PROCESS_ALL_ACCESS, False, Pid);
    if Pidhandle = 0 then
    begin
      MessageDlg('OpenProcess failed: ' + SysErrorMessage(GetLastError), mtError, [mbOK], 0);
      Exit;
    end;
    if not WriteProcessMemory(Pidhandle, Pointer(Address), @NewValue, Data, Written) then
      MessageDlg('WriteProcessMemory failed: ' + SysErrorMessage(GetLastError), mtError, [mbOK], 0);
    CloseHandle(Pidhandle);
  end else
  begin
    MessageDlg('Process not found!!!', mtWarning, [mbOK], 0);
  end;
end;
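The whole procedure above (find the PID, open the process, write the value) as a single console program, written here as an added example and not part of the original post. It differs from the form code in three ways a practitioner would want: it opens the process with only the rights ReadProcessMemory/WriteProcessMemory need instead of PROCESS_ALL_ACCESS, it reports GetLastError when OpenProcess or the write fails (which is where a protected target pushes back), and it reads the value back to confirm the write landed. The target name 'Process.exe', the address $04000000 and the value 666 are assumptions taken over from the post; PatchProcess takes an untyped value plus its size, so the same routine writes a Byte, Word or Cardinal.

```pascal
program WriteTargetMemory;
{$APPTYPE CONSOLE}
uses
  Windows, TlHelp32, SysUtils;

const
  // Assumptions for this example: target executable, address to patch, new value.
  TargetExe = 'Process.exe';
  TargetAddress: Cardinal = $04000000;   // 32-bit target, as in the post
  NewValue: Integer = 666;

// Walks a Toolhelp32 snapshot and returns the PID of the first process whose
// executable name matches ExeName (case-insensitive). Always frees the snapshot.
function FindProcessId(const ExeName: string; out Pid: DWORD): Boolean;
var
  Snapshot: THandle;
  Entry: TProcessEntry32;
begin
  Result := False;
  Snapshot := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
  if Snapshot = INVALID_HANDLE_VALUE then
    Exit;
  try
    Entry.dwSize := SizeOf(Entry);
    if Process32First(Snapshot, Entry) then
      repeat
        if SameText(ExtractFileName(Entry.szExeFile), ExeName) then
        begin
          Pid := Entry.th32ProcessID;
          Result := True;
          Exit;
        end;
      until not Process32Next(Snapshot, Entry);
  finally
    CloseHandle(Snapshot);
  end;
end;

// Writes Size bytes of Value to Address inside process Pid, then reads the
// same bytes back and returns True only if they match what was written.
function PatchProcess(Pid: DWORD; Address: Pointer; const Value; Size: DWORD): Boolean;
var
  hProc: THandle;
  Written, BytesRead: DWORD;   // SIZE_T on 64-bit Delphi (XE2 and later)
  Check: array[0..15] of Byte;
begin
  Result := False;
  if Size > SizeOf(Check) then
    Exit;
  // Least privilege: only what ReadProcessMemory/WriteProcessMemory require.
  hProc := OpenProcess(PROCESS_VM_READ or PROCESS_VM_WRITE or PROCESS_VM_OPERATION, False, Pid);
  if hProc = 0 then
  begin
    // Typically ERROR_ACCESS_DENIED when the target refuses the handle.
    Writeln('OpenProcess failed: ', SysErrorMessage(GetLastError));
    Exit;
  end;
  try
    if (not WriteProcessMemory(hProc, Address, @Value, Size, Written)) or (Written <> Size) then
    begin
      Writeln('WriteProcessMemory failed: ', SysErrorMessage(GetLastError));
      Exit;
    end;
    if (not ReadProcessMemory(hProc, Address, @Check, Size, BytesRead)) or (BytesRead <> Size) then
    begin
      Writeln('ReadProcessMemory failed: ', SysErrorMessage(GetLastError));
      Exit;
    end;
    Result := CompareMem(@Check, @Value, Size);
  finally
    CloseHandle(hProc);
  end;
end;

var
  Pid: DWORD;
begin
  if not FindProcessId(TargetExe, Pid) then
  begin
    Writeln('Process not found: ', TargetExe);
    Exit;
  end;
  Writeln('Found ', TargetExe, ' with PID ', Pid);
  if PatchProcess(Pid, Pointer(TargetAddress), NewValue, SizeOf(NewValue)) then
    Writeln('Wrote ', NewValue, ' to $', IntToHex(TargetAddress, 8), ' and verified it')
  else
    Writeln('Patch failed');
end.
```

Build it as a 32-bit console application and run it while the target is running. Passing SizeOf(NewValue) instead of a hard-coded 4 is what keeps the byte/word/cardinal table above honest: change NewValue to a Word and the write shrinks to 2 bytes without touching PatchProcess.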