I am currently learning C, especially how memory works and how I can write and read data used by programs. For practice, I started coding a little cheat for the game Undertale that would constantly overwrite the health address with the maximum health value, which would make the character invincible. I searched for the address of the health value with Cheat Engine, and now I have this code:
    #include <stdio.h>
    #include <Windows.h>

    int main(void) {
        printf("\n");
        double MAXHEALTH = 20;  /* health is stored as a double in the game */

        /* locate the game by its window title */
        HWND hwnd = FindWindowA(NULL, "UNDERTALE");
        if (hwnd == NULL) {
            printf("ERROR: COULD NOT FIND GAME WINDOW. PLEASE OPEN THE GAME.\n");
            return 1;
        }
        printf("[+] Undertale window found\n");

        /* map the window to its owning process and open a handle to it */
        DWORD processID;
        GetWindowThreadProcessId(hwnd, &processID);
        HANDLE handle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, processID);
        if (handle == NULL) {  /* check the handle, not the PID */
            printf("ERROR: COULD NOT HANDLE PROCESS.\n");
            return 1;
        }
        printf("[+] Obtained handle\n");

        /* keep rewriting the (hard-coded) health address with the max value */
        while (1) {
            printf("[*] Writing max health value to health address..\n");
            WriteProcessMemory(handle, (LPVOID)0x049B2F8, &MAXHEALTH, sizeof(MAXHEALTH), NULL);
            printf("[+] Done!\n");
        }
        return 0;
    }
And it works. The bad thing is, when you close the game and re-open it, all the addresses are different... That's not very efficient. So I wanted to try using Cheat Engine to find the base address of the health value. I did multiple pointer scans and narrowed the results to approximately 150 addresses pointing to the health address. I tried selecting one randomly, closed the game, re-opened it, and it worked: I was able to modify the health value by using the pointer I found.
So I thought I'd use it in my code. Under "Base Address" in the pointer scan window, it showed "UNDERTALE.exe"+059E4F8. I tried replacing the address in my code with the address of the pointer (I typed (LPVOID)0x059E4F8), but it didn't work. The output said "[+] Done!" repeatedly, but the health value wasn't changing, while it worked in Cheat Engine... I'm new to the whole memory management thing; what did I do wrong? Is what I want to do even possible?
I hope my explanation of everything I did was clear enough; if not, please let me know.
Thank you.
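Added example (not code from the question, the game, or Cheat Engine) showing why "UNDERTALE.exe"+059E4F8 cannot be used as an absolute address: the offset is relative to wherever the module was loaded this run, which ASLR changes every launch, and the value stored there is itself a pointer that must be read and offset further before the final address is known. The simulated process, the read callback and the +0x100 / +0x10 layout are constructed assumptions; on Windows the module base would come from the process's module list and the reader would wrap ReadProcessMemory.

```c
#include <stdint.h>
#include <string.h>
/* Constructed stand-in for another process's memory: a flat buffer whose load
 * address ("module base") differs between runs, just as ASLR makes it differ. */
typedef struct { uint8_t mem[4096]; uint64_t base; } fake_process;
/* Reader callback; on Windows this would wrap ReadProcessMemory(). */
typedef int (*read_fn)(void *ctx, uint64_t addr, void *out, size_t n);
static int fake_read(void *ctx, uint64_t addr, void *out, size_t n) {
    fake_process *p = ctx;
    if (addr < p->base || addr + n > p->base + sizeof p->mem) return 0;
    memcpy(out, p->mem + (addr - p->base), n);
    return 1;
}
/* Follow a Cheat Engine style path: [module_base + static_off] + offs[0],
 * then [that] + offs[1], ... Pointers are 8 bytes here; a 32-bit target
 * stores 4-byte pointers and the read size would have to match. */
static int resolve_pointer_path(read_fn rd, void *ctx, uint64_t module_base,
                                uint64_t static_off, const uint64_t *offs,
                                size_t noffs, uint64_t *result) {
    uint64_t addr = module_base + static_off; /* "+059E4F8" is relative */
    for (size_t i = 0; i < noffs; i++) {
        uint64_t ptr;
        if (!rd(ctx, addr, &ptr, sizeof ptr)) return 0;
        addr = ptr + offs[i];
    }
    *result = addr;
    return 1;
}
/* Lay out a module at load_base: a static pointer slot at +0x100 points to
 * an object whose double field at +0x10 holds the health value. */
static void build_process(fake_process *p, uint64_t load_base, double hp) {
    memset(p, 0, sizeof *p);
    p->base = load_base;
    uint64_t obj = load_base + 0x800;
    memcpy(p->mem + 0x100, &obj, sizeof obj);
    memcpy(p->mem + 0x800 + 0x10, &hp, sizeof hp);
}
/* Correct: rebase the static offset, then follow the path; any base works. */
static double read_health_via_path(uint64_t load_base) {
    fake_process p; uint64_t offs[] = { 0x10 }, addr; double hp;
    build_process(&p, load_base, 20.0);
    if (!resolve_pointer_path(fake_read, &p, load_base, 0x100, offs, 1, &addr)
        || !fake_read(&p, addr, &hp, sizeof hp)) return -1.0;
    return hp;
}
/* What the question did: use the static offset as if it were absolute. */
static double read_health_raw_offset(uint64_t load_base) {
    fake_process p; double hp;
    build_process(&p, load_base, 20.0);
    return fake_read(&p, 0x100, &hp, sizeof hp) ? hp : -1.0;
}
```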