Burlando Xtrap (Source) Parte 1

I see and admire the people who have been doing hacks, and the methods you have used before in use, changing only
bypass modes of strings detected by X-TRAP (in my case was GameGuard).
Today I will show you the first codes we used.

Writing in memory:

First you can use these codes both in a DLL or EXE in proprio. (no need to inject a dll).

~ ~ Declare variables:

Quote:

---

Var
Pid: Integer;
Pidhandle: integer;

---

I will explain one by one

Pid The process ID that is required to write to memory
Pidhandle Kinda the same thing, but a little different: P


At this time, the value is 0 because we are not using them.

~ ~ Create a constant

Quote:

---

Const
process = 'PRocess.exe'

---

Ready now the system already knows where vai happen editions of memory.

Finding the PID of the program:

Quote:

---

function GetID(Const ExeFileName: string; var ProcessId: integer): boolean;
var
ContinueLoop: BOOL;
FSnapshotHandle: THandle;
FProcessEntry32: TProcessEntry32;
begin
result := false;
FSnapshotHandle := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
FProcessEntry32.dwSize := Sizeof(FProcessEntry32);
ContinueLoop := Process32First(FSnapshotHandle, FProcessEntry32);
while integer(ContinueLoop) <> 0 do begin
if (StrIComp(PChar(ExtractFileName(FProcessEntry32.sz ExeFile)), PChar(ExeFileName)) = 0)
or (StrIComp(FProcessEntry32.szExeFile, PChar(ExeFileName)) = 0) then begin
ProcessId:= FProcessEntry32.th32ProcessID;
result := true;
break;

---

Now pay attention primarily on this line

Quote:

---

function GetID(Const ExeFileName: string; var ProcessId: integer): boolean;

---

This is the function works as follows, program name and PID variable you declared.
Let's now create a button that makes it

Quote:

---

procedure TForm1.Button1Click(Sender: TObject);
begin
if GetID(process, Pid) then
Showmessage(IntToStr(Pid));

---

Now you have your function GetID!

~ ~ Writing in memory

Quote:

---

WriteProcessMemory(Pidhandle, Pointer(Address), @NewValue, Data, Written);

---

The WPM needs are Process Handle, Address, New Value, Value / address (forgot OO) and Written. Type this:

Quote:

---

Var
Address: Cardinal
NewValue: Integer;
Data: Integer;
Written: Cardinal

---

Remember

Quote:

---

byte = 1 byte
word = 2 bytes
cardinal = 4 bytes

---

Hitherto ta easy but how do we get the PIDHANDLE?

~ ~ OpenProcess

We will use OpenProcess () to get the PidHandle

Quote:

---

Pidhandle := OpenProcess(PROCESS_ALL_ACCESS,False,Pid);

---

Code Complete

Quote:

---

Var
Pid: Integer;
Pidhandle: integer;
Address: Cardinal
NewValue: Integer;
Data: Integer;
Written: Cardinal;

procedure TForm1.Button1Click(Sender: TObject);
begin

Address := $04000000;
NewValue := 666;
Data := 4;

if GetID(process,Pid) then
begin
Pidhandle := OpenProcess(PROCESS_ALL_ACCESS,False,Pid);
WriteProcessMemory(Pidhandle, Pointer(Address), @NewValue, Data, Written);
closehandle(Pidhandle);
end else
begin
MessageDlg('Processo não encontrado!!!', mtwarning, [mbOK],0);
end;

---