
A cheat application scans part of the PC's memory, searching for some value inside it. The cheat scans only the part of memory that your game is using. For example, say you are looking for the number that holds your game cash. The cheat finds that, for example, the value 1000 occurs at 1000 different addresses. The cheat remembers those addresses. Now the value of your cash changes inside the game. The cheat checks whether the value at those 1000 addresses changed as well, and then keeps only the addresses where the value changed. After several attempts, the cheat app has a short list of addresses where your game cash is stored. Now you tell the cheat app: "put another (bigger) value at every one of those addresses." Then you check whether the value in the game changed or not. If there was a change at those addresses, you can search for exactly which address holds the cash value. Or you can say "whatever", change the cash value at multiple addresses, and not care whether your game crashes or whether you also change gold minerals at the same time.
This description is very simplified, because the game can store the cash value encrypted, encoded, in many places, etc. It can also store a checksum for some of the values and compare it from time to time (for example, when loading a saved game).
You were asking, "how do they make the game show their mini-GUI?" Once the cheat knows the values to paint, it only has to change the picture that is displayed on the monitor. That means the question is how to change graphics memory. Well, all they have to do is read graphics memory, change it, and put it back in its place. Games under Microsoft Windows use DirectX or OpenGL. It's simple to use libraries to achieve the goal.
And that's why it is so important for the operating system to have memory protection (read | write) for every process launched.
Memory protection is a way to control memory access rights on a computer and is a part of most modern processor architectures and operating systems. The main purpose of memory protection is to prevent a process from accessing memory that has not been allocated to it. This prevents a bug or malware within a process from affecting other processes or the operating system itself. An attempt to access unowned memory results in a hardware fault, called a segmentation fault or storage violation exception, generally causing abnormal termination of the offending process. Memory protection for computer security includes additional techniques such as address space layout randomization and executable space protection.
From Windows XP onward, all major operating systems have this type of memory protection. One program will not be able to write to another program's memory.
It might be possible that a program could "reclaim" memory that was de-allocated from another program, but it will not have the information that was previously stored within it.
Another method:
Software developers know the source code of the game (for example, Quake III Arena), and they know exactly how and where the game stores some values. The developer can then write a cheat that changes another in-game value in memory. For example, the cheat reads the coordinates of an enemy unit and "moves" the weapon crosshair to point at those coordinates. The player only presses "fire" to shoot.
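The answer notes that a game can keep a value encoded and check it against a checksum from time to time. A minimal sketch of that defence follows, as an added example that is not part of the original answer or any game's code; the names `guarded_u32`, `guarded_set` and `guarded_get` are hypothetical, and the mixer is a non-cryptographic hash chosen only for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example; all names are hypothetical. */
typedef struct {
    uint32_t masked;  /* value XOR key: the plain value is never stored */
    uint32_t key;     /* mask, replaced on every write */
    uint32_t check;   /* checksum over masked and key */
} guarded_u32;

/* Bijective 32-bit integer mixer (not cryptographic). */
static uint32_t mix(uint32_t x) {
    x ^= x >> 16; x *= 0x7feb352dU;
    x ^= x >> 15; x *= 0x846ca68bU;
    x ^= x >> 16;
    return x;
}

static uint32_t checksum(const guarded_u32 *g) {
    return mix(g->masked ^ mix(g->key ^ 0xA5A5A5A5U));
}

/* Store a value; the stored bytes change even if the value does not. */
void guarded_set(guarded_u32 *g, uint32_t value) {
    g->key = mix(g->key + 0x9e3779b9U);
    g->masked = value ^ g->key;
    g->check = checksum(g);
}

/* Returns 0 and writes *out if intact, -1 if the storage was modified. */
int guarded_get(const guarded_u32 *g, uint32_t *out) {
    if (g->check != checksum(g)) return -1;
    *out = g->masked ^ g->key;
    return 0;
}

/* Constructed scenario: an outside write to the stored field is detected. */
int demo_tamper_detected(void) {
    guarded_u32 cash = {0};
    uint32_t v = 0;
    guarded_set(&cash, 1000);
    if (guarded_get(&cash, &v) != 0 || v != 1000) return 0;
    cash.masked ^= 0xFFu;  /* simulates another process changing the bytes */
    return guarded_get(&cash, &v) == -1;
}

int main(void) {
    printf("tamper detected: %d\n", demo_tamper_detected());
    return 0;
}
```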