Game Hacking 101: Memory Manipulation in Mount and Blade Warband
Game hacking opens a window into how games store and manage data in memory. By understanding memory manipulation, you can modify in-game values, experiment with game mechanics, and gain deeper insights into how software works at a low level. In this guide, we’ll explore memory manipulation techniques using Mount and Blade Warband as our target, covering everything from basic concepts to writing C++ code that reads and writes game memory.
What is Mount and Blade Warband?
Mount and Blade Warband is a medieval-themed action role-playing game developed by TaleWorlds Entertainment. Set in the fictional continent of Calradia, the game combines strategic gameplay, combat, and open-world exploration. Players create characters, build armies, engage in battles, and establish kingdoms. Its sandbox-style gameplay and modding support make it an excellent choice for learning game hacking techniques.
Understanding Memory
Memory is where a computer stores data and instructions. In game hacking, we focus on the game process’s volatile memory, where variables, values, and game states reside. By manipulating this memory, we can alter game variables and control various aspects of gameplay.
What is Virtual Memory?
Virtual memory is a memory management technique that gives each process its own virtual address space, independent of physical memory. Programs can operate as if they have access to more memory than physically installed. This virtual address space is divided into pages, which can be mapped to physical memory or stored on secondary storage.
How Virtual Memory Works:
When a program runs, it’s loaded into virtual address space, typically divided into segments (code, data, stack). The operating system’s Memory Management Unit (MMU) maps virtual addresses to physical addresses in memory or secondary storage.
Benefits of Virtual Memory:
- Increased Addressable Memory: Each process can have a larger virtual address space than physical memory
- Memory Isolation: Processes can’t access each other’s memory, enhancing security
- Efficient Memory Utilization: Unused portions can be stored on disk, freeing physical memory
- Memory Sharing: Multiple processes can share the same file mappings
Locating Memory Addresses
To manipulate memory, we need to find the specific addresses where game variables are stored. Memory addresses act as unique identifiers for each piece of data. We use memory scanning techniques to search for addresses based on criteria like the variable’s current value or data type.
Modifying Memory
Once we’ve identified memory addresses, we can modify values stored at those addresses. This might involve increasing resources, adjusting health or stamina, or unlocking features. Memory modification typically involves:
- Reading the current value from a memory address
- Performing calculations or changes
- Writing the modified value back to the address
Pointers and Dynamic Memory Analysis
Complex game hacking scenarios involve dynamic memory structures and pointers. Pointers are memory addresses that point to other locations. They’re used to access dynamically allocated memory or navigate complex data structures. Understanding pointers allows us to traverse the game’s memory space more effectively.
Tools for Memory Manipulation
Several tools aid in memory manipulation:
- Memory Editors/Trainers: User-friendly interfaces to scan and modify memory values in real-time
- Debuggers: Tools like Cheat Engine or OllyDbg provide advanced features like breakpoints, memory inspection, and disassembly
These tools simplify locating and manipulating memory addresses, enabling precise and efficient changes.
Cheat Engine: Memory Editing Made Easy
Cheat Engine is a popular memory editing tool used in the game hacking community. It allows you to scan, modify, and manipulate memory values in real-time. Let’s walk through using Cheat Engine step by step.
1. Download and Install Cheat Engine
Visit the official Cheat Engine website and download the latest version for your operating system. Run the installer and follow the on-screen instructions.
2. Launch Cheat Engine and Select a Game Process
Launch Cheat Engine and click the computer icon in the top-left corner to open the process list. Select the game process (e.g., mb_warband.exe). Make sure the game is running before selecting the process.
3. Perform Initial Value Scan
Identify the variable you want to modify (e.g., player’s money). In Cheat Engine:
- Enter the current value in the “Value” field
- Select the value type from the dropdown (e.g., 4 bytes for integers)
- Click “First Scan” to initiate the search
The scan will find all memory addresses matching your value.
4. Refine the Search
The initial scan usually returns many addresses. To narrow it down:
- Change the value in-game (e.g., spend or earn money)
- Enter the new value in Cheat Engine
- Click “Next Scan” to refine the search
- Repeat until you have a manageable number of addresses
5. Modify Memory Values
With a refined list:
- Double-click a memory address to add it to the address list
- Double-click the value column to modify it
- Enter your desired value
- The game will reflect the change immediately
6. Save Your Cheat Table
Click the floppy disk icon to save your cheat table. This allows you to reload cheats when you launch the game again.
Note: Many games use anti-cheat systems. Use cheat tables responsibly and stay updated on anti-cheat measures.
Using C++ for Memory Manipulation
While Cheat Engine is great for learning, writing your own C++ code gives you more control and understanding. Let’s explore how to manipulate memory programmatically.
Finding Offsets
Offsets are the key to reliable memory manipulation. Here’s how to find them using Cheat Engine:
- Find the memory address of your target value
- Right-click the address and select “Find out what accesses this address”
- Cheat Engine will show assembly instructions that access this address
- Analyze the assembly to understand the memory structure and offsets
Example Assembly Analysis:
mov ecx, [ecx + 140f0]
imul eax, eax, fc8
mov esi, [ecx + eax + 5d0]
This assembly code shows:
ecxis loaded from[ecx + 0x140f0]eaxis multiplied by0xfc8- The money value is loaded from
[ecx + eax + 0x5d0]
Converting the hexadecimal money value “cc0701” to decimal gives us 13371137.
Further analysis reveals that ecx is set from mb_warband.exe + 0x4eb300, giving us our base address and offsets.
Windows API for Memory Manipulation
The Windows API provides functions to interact with processes and their memory. Key functions include:
CreateToolhelp32Snapshot: Creates a snapshot of running processesProcess32Next: Iterates through process entriesOpenProcess: Opens a handle to a target processReadProcessMemory: Reads memory from a processWriteProcessMemory: Writes memory to a process
Process Handling
Here’s how to find and open a process:
Memory(const std::string_view processName) noexcept
{
::PROCESSENTRY32 entry = { };
entry.dwSize = sizeof(::PROCESSENTRY32);
const auto snapShot = ::CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
while (::Process32Next(snapShot, &entry))
{
if (!processName.compare(entry.szExeFile))
{
processId = entry.th32ProcessID;
processHandle = ::OpenProcess(PROCESS_ALL_ACCESS, FALSE, processId);
break;
}
}
if (snapShot)
::CloseHandle(snapShot);
}
The complete Memory class implementation is available in the MemoryBlade repository.
This code:
- Creates a snapshot of all running processes
- Iterates through each process
- Compares process names to find the target
- Opens a handle with full access when found
- Closes the snapshot handle
Reading Memory
Here’s a template function to read memory:
template <typename T>
constexpr const T Read(const std::uintptr_t& address) const noexcept
{
T value = { };
::ReadProcessMemory(processHandle, reinterpret_cast<const void*>(address), &value, sizeof(T), NULL);
return value;
}
This function:
- Takes a memory address as input
- Uses
ReadProcessMemoryto read the value - Returns the value of type
T - Works with any data type (int, float, etc.)
Writing to Memory
Here’s a template function to write memory:
template <typename T>
constexpr void Write(const std::uintptr_t& address, const T& value) const noexcept
{
::WriteProcessMemory(processHandle, reinterpret_cast<void*>(address), &value, sizeof(T), NULL);
}
This function:
- Takes a memory address and value
- Uses
WriteProcessMemoryto write the value - Works with any data type
Manipulating Money
Here’s a complete example that manipulates the player’s money:
#include <iostream>
#include "Memory.h"
int main()
{
// Create Memory instance for mb_warband.exe
const auto mem = Memory("mb_warband.exe");
std::cout << "Mount and Blade Warband found!" << std::endl;
// Get base address of the game module
const auto base_address = mem.GetModuleAddress("mb_warband.exe");
// Read values using offsets
int ecx = mem.Read<int>(base_address + 0x4eb300);
int eax = mem.Read<int>(ecx + 0x6e0);
ecx = mem.Read<int>(ecx + 0x140f0);
int money = mem.Read<int>(ecx + 0x5d0);
std::cout << "Current money: " << money << std::endl;
// Write new money value
mem.Write<int>(ecx + 0x5d0, 13371137);
std::cout << "Money updated!" << std::endl;
return 0;
}
This code:
- Finds the game process
- Gets the base address of the executable
- Follows the pointer chain using offsets
- Reads the current money value
- Writes a new money value
Manipulating Character Skills
Character skills in Mount and Blade Warband are stored at specific offsets. Here’s how to modify them:
#include <iostream>
#include "Memory.h"
int main()
{
const auto mem = Memory("mb_warband.exe");
std::cout << "Mount and Blade Warband found!" << std::endl;
const auto base_address = mem.GetModuleAddress("mb_warband.exe");
// Get base pointer
int edx = mem.Read<int>(base_address + 0x4eb300);
edx = mem.Read<int>(edx + 0x140f0);
// Modify skills (all set to 500)
mem.Write<int>(edx + 0x270, 500); // Strength
mem.Write<int>(edx + 0x274, 500); // Agility
mem.Write<int>(edx + 0x278, 500); // Intelligence
mem.Write<int>(edx + 0x27c, 500); // Charisma
std::cout << "Skills updated!" << std::endl;
return 0;
}
Skill Offsets:
0x270: Strength0x274: Agility0x278: Intelligence0x27c: Charisma
Interactive Memory Address Visualization
Understanding how memory addresses and offsets work can be challenging. Let’s visualize the process:
Memory Address Visualization
Ethical Considerations
Game hacking is a powerful skill, but it comes with responsibilities:
- Single-player games: Generally acceptable for learning and experimentation
- Multiplayer games: Can ruin others’ experiences and violate terms of service
- Respect developers: Understand that anti-cheat systems exist for good reasons
- Use responsibly: Don’t use hacks to gain unfair advantages in competitive environments
Anti-Cheat Systems
Modern games implement various anti-cheat measures:
- Memory Scanning: Periodic checks for unauthorized modifications
- Code Integrity Checks: Verification that game code hasn’t been modified
- Behavior Analysis: Detection of impossible or suspicious actions
- Server-Side Validation: Critical values verified on game servers
Understanding these systems helps you appreciate why some hacks work in single-player but not multiplayer games.
Conclusion
Memory manipulation is a fundamental game hacking technique that provides deep insights into how software works. By understanding virtual memory, using tools like Cheat Engine, and writing C++ code, you can modify game values and experiment with game mechanics. Remember to use these skills responsibly and ethically, especially in multiplayer environments.
The key concepts we covered:
- Virtual memory and how processes isolate memory
- Using Cheat Engine to find and modify memory addresses
- Writing C++ code using Windows API functions
- Understanding offsets and pointer chains
- Practical examples for manipulating money and skills
Whether you’re interested in game development, reverse engineering, or cybersecurity, understanding memory manipulation is a valuable skill that opens many doors.