Author image

Process Hacking (COD4) Tutorial


Difficulty:
2/5


Generic Windows process hacking application. This time the victim being Call of Duty 4 (the original).

What do we mean by hacking? Hacking is gaining access to a system in a manner that was not intended by its developer.

Here we do something really really simple and easy. We will change some on screen visual values in our program.

A. We find the process' HANDLE. There are 2 ways to do this.

I. By getting the window Handle (HWND)

  1. HWND windowHandle = FindWindowW( nullptr, processName ) to get the window handle
  2. GetWindowThreadProcessId( windowHandle, &pid ) to get the pid
  3. and finally OpenProcess( PROCESS_ALL_ACCESS, false, *pid ); to get the process Handle

This is the method I use in this example.

II. By taking a snapshot of the system's running processes

For completion sake I will illustrate how to do this.

  1. We take a snapshot of all the processes currently active in the system, using CreateToolhelp32Snapshot( H32CS_SNAPPROCESS, 0 );
  2. We loop through the process list, using Process32FirstW and Process32NextW.
  3. If we find our target process we store it in PROCESSENTRY32Wand we access it (Read & Write privileges), using OpenProcess withPROCESS_ALL_ACCESS and its pid via (PROCESSENTRY32W::th32ProcessID). It returns a HANDLE to that process.

B. Now use CheatEngine or ArtMoney or some other debugger to find your target address to change (pAmmo in our example). For example you're in COD4, you can see your current weapon's screen's ammo is, say, 300 and you want to set it to 50. Then you'd search for float or integer 300 in CheatEngine to find the right address. When you find the address set/hardcode it in pAmmo & move along (this is not a CE tutorial).

C. You can now proceed to change that value using WriteProcessMemory (this is where you'd overwrite it with "50") or you can just read back the value usingReadProcessMemory .

Expand the convenientWrappers region to find out more cool hackjobs you can do and expand your horizons with the Windows api.

Do note that if you compile the code to a 32-bit executable on a 64-bit system, it will only "see" other 32-bit processes when you create the snapshot, not any 64-bit processes. If you use a 64-bit executable on a 64-bit system, it will see both 32-bit and 64-bit processes.

I used Windows 8.1 x86_64, Visual Studio 2017 to build the project.

Acknowledgements

Microsoft docs - Process Status API

Taking a Snapshot and Viewing Processes - Win32 apps | Microsoft Docs

Github

Github repository link.


0 likes