In this article, I will show you how to hack blood and bullets in Half Life game with C / C ++ programming language.
Note: Half Life 1.6 should be used to test because Half Life 1.6 is for playing with windowed mode instead of full screen.
Download the game Half Life 1.6 here .
Video detailed instructions (should watch the video after reading this article).
Hack scenario Imagine that you create a simple calculation application as follows: 
You enter a = 5. In some way the hacker knows the address of the variable a and changes a = 15 while you are entering b (when you know the address of a variable, you can change its value). via WinAPI). You enter b = 10. At this point your program will print "Tổng của a và b: 25" instead of "Tổng của a và b: 15".
Similarly with the game Half Life if you can change the value of the storage variables of ammunition, blood and money … you have successfully hacked.
1. The function to change the value of a variable knowing the address of that variable.
Below is the function I have written:
1 2 3 4 5 6 7 8 9 10 11 12 | template<class T> void change(DWORD pid, LPVOID address, T value) { HANDLE process = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid); if (!process) { cout << "Couldn't open process" << endl; return; } if (!WriteProcessMemory(process, address, &value, sizeof(value), 0)) { cout << "Couldn't write process memory" << endl; } } |
Input parameters:
pid is the process id of the Half Life game, you can get the process id of the Half Life game by going to Task Manager -> Details and looking at the PID column value of the Half Life game. 
address is the address of the blood variable or ammunition (instructions on getting it later)
newValue is the new value for the device.
The OpenProcess and WriteProcessMemory functions are two functions located in the Windows.h library. This library contains functions for your application to communicate with the operating system.
After the function has changed the memory value of the game Half Life and process id, the only thing you lack is now the address of the memory cell containing the value of blood and bullets.
2. Determine the address of the blood / ammo variable.
When you first enter the game, your number of bullets will be 12/24 (depending on the side), you will rely on this number 12 to find out where the memory containing the variable ammo is located by:
Browse all memory cells and see which ones have a value of 12 and save. There will usually be lots of valuable memory cells.
Shoot 1 bullet and browse all the saved cells to see which memory is worth 11 and save it.
Continue to perform the above operation until there is 1 cell or the number of cells does not decrease, then stop.
In case there is only 1 memory box left, that is the address of the bullet variable.
In case there is more than one memory cell, you must change the value for each memory cell and check to see if the number of bullets in the game has changed, if any then that is the memory cell to be taken.
Many C / C ++ code will immediately think of the cursor to do this, by having the cursor browse from the first memory cell to the last memory cell and check to see which memory cell is worth searching. But things are not so simple when your application runs, the operating system will give it a virtual memory and your cursor will point to that virtual memory, not the virtual memory of other applications. . 
For simplicity, you will get the address of the bullet and blood variables by recreating the above scenario with the Cheat Engine application. Specifically you can watch in the video .
Note when using Cheat Engine: there are many games that do not use the original variable to display (the original variable is used for calculation) but display the variable with the same value as the original variable so you may mistake this variable as a real variable ( When changing it you will notice on the screen while not changing the original variable). As you can see in the video, I can see that I only hacked the blood successfully, but the bullet didn’t work, because I hacked the device to display the amount of bullets, so I saw 100 bullets, but only 30 tablets (at first successfully hacked but this is not a variable used to display so I did not realize, wanted to realize to test shot).
3. Hack does not run out of ammo and heal continuously.
After obtaining the address of 2 program variables to hack the game Half Life will look like this:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 | #include<iostream> #include<Windows.h> using namespace std; template<class T> void change(DWORD pid, LPVOID address, T value) { HANDLE process = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid); if (!process) { cout << "Couldn't open process" << endl; return; } if (!WriteProcessMemory(process, address, &value, sizeof(value), 0)) { cout << "Couldn't write process memory" << endl; } } int main() { DWORD pid = 12716; LPVOID hp_address = (LPVOID)0x1033EC5C; LPVOID ammo_address = (LPVOID)0x09c9cb38; float hp = 255.0; int ammo = 100; while (true) { change(pid, hp_address, hp); change(pid, ammo_address, ammo); Sleep(50); } return 0; } |
Explain: when running this program the health will heal by 255 and the bullet will heal by 100 every 0.05 seconds.
0x1033EC5C và 0x09c9cb38 are the addresses of the blood and ammunition variables I have obtained with the Cheat Engine, your machine will be different so you cannot use these two values.
4. Prevention of hacking applications.
As a software developer, you probably do not want your application to be hacked as above. Unfortunately, you cannot prevent hackers from changing memory cells in the application, but you can detect changes and restore standard data or you can make it difficult for hackers in several ways:
Do not save the value of the blood variable, but save the value after multiplying with some real number, at this time it will be difficult for hackers to be able to track the address of the variable. Using multiple variables to store the same information => can both check for abnormal changes, and can make a hacker confused when there are too many memory cells with the same value. … => Making hard for hackers is like hard work for me, so it is best for single-user applications, you can hack freely, and for multi-user applications, it is best not to touch anyone on your server. friend.
5. Conclusion
In this section I have introduced through how a hack program works but still have to use Cheat Engine manually in a lot of steps, the next part I will guide how to create a hack program that can be run and run in many machine. We hope to receive suggestions from you.