Frida Game Hacking MCP

A Model Context Protocol (MCP) server that provides Cheat Engine-like capabilities for game hacking through Frida. Enables AI assistants and automation tools to perform memory scanning, value modification, pattern matching, function hooking, and code injection.

Features

Memory Operations (Cheat Engine Style)

• Value Scanning: Find values in memory by type (int8-64, float, double, string)
• Scan Refinement: Narrow results with scan_next, scan_changed, scan_unchanged
• Pattern Scanning: Array of Bytes (AoB) with wildcard support (??)
• Memory Read/Write: Read and modify memory with type awareness

Function Hooking & Code Injection

• Intercept Functions: Hook with onEnter/onLeave JavaScript callbacks
• Replace Functions: Make functions return custom values
• Module Hooking: Hook by module!function name
• Symbol Resolution: Resolve exports to addresses

Process Management

• Process Enumeration: List and filter running processes
• Attach/Detach: Connect to running processes
• Spawn & Resume: Start processes suspended for early hooking

Debugging

• Breakpoints: Software breakpoints via hooks
• Register Access: Read CPU registers at breakpoints
• Module Analysis: List modules, exports, imports

Window Interaction (Windows)

• Screenshot Capture: Take screenshots of game windows
• Keyboard Input: Send keystrokes to game windows
• Window Management: List, focus, and interact with windows

Installation

# Install from PyPI (coming soon)
pip install frida-game-hacking-mcp

# Or install from source
git clone https://github.com/0xhackerfren/frida-game-hacking-mcp.git
cd frida-game-hacking-mcp
pip install -e .

Requirements

• Python 3.10+
• Frida 16.0+
• pywin32, pillow (Windows, for screenshot features)

pip install frida frida-tools mcp pillow
# On Windows, also install:
pip install pywin32

Quick Start

Run the MCP Server

# Run directly
python -m frida_game_hacking_mcp

# Or use the entry point
frida-game-hacking-mcp

Configure with Claude Desktop

Add to your claude_desktop_config.json:

{
  "mcpServers": {
    "frida-game-hacking": {
      "command": "python",
      "args": ["-m", "frida_game_hacking_mcp"]
    }
  }
}

Configure with Other MCP Clients

The server uses stdio transport by default. Connect using:

• Command: python -m frida_game_hacking_mcp
• Transport: stdio

Usage Examples

Cheat Engine Workflow: Find and Modify Health

1. List processes and find your game
   > list_processes("game")
   
2. Attach to the game
   > attach("game.exe")
   
3. Initial scan for current health value (e.g., 100)
   > scan_value(100, "int32")
   Found: 58,869 addresses
   
4. Take damage in game (health now 95)
   > scan_next(95)
   Narrowed to: 1,419 addresses
   
5. Repeat until you find the address
   > scan_next(90)
   Narrowed to: 3 addresses
   
6. Get results and modify
   > get_scan_results()
   > write_memory("0x12345678", "E7030000")  # 999 in little-endian

Array of Bytes Pattern Scanning

# Find code pattern (works across game updates)
> attach("game.exe")
> scan_pattern("89 47 44 ?? ?? 5B 7A", "r-x")
Found: 2 matches

# ?? = wildcard bytes
# "r-x" = executable memory regions

Function Hooking

# Hook a function and log calls
> hook_function("0x401234",
    on_enter="console.log('Args:', args[0], args[1]);",
    on_leave="console.log('Return:', retval);")

# Make a function always return success
> replace_function("0x401234", 1)

# Hook by module and function name
> intercept_module_function("game.dll", "CheckLicense",
    on_leave="retval.replace(1);")

Early Hooking (Spawn Suspended)

# Start process suspended
> spawn("C:/Games/game.exe")

# Set up hooks before code runs
> hook_function("0x401234", on_enter="...")

# Resume execution
> resume()

Available Tools (42 Total)

Process Management (6)

Tool	Description
list_processes	Enumerate running processes
attach	Attach to process by name or PID
detach	Detach from current process
spawn	Start process suspended
resume	Resume spawned process
get_session_info	Get current session status

Memory Operations (10)

Tool	Description
read_memory	Read bytes at address
write_memory	Write bytes/values to address
scan_value	Initial scan for exact value
scan_next	Narrow scan with new value
scan_changed	Find changed values
scan_unchanged	Find unchanged values
scan_pattern	AoB pattern scan with wildcards
get_scan_results	Get current scan results
clear_scan	Reset scan state
list_memory_regions	List memory regions

Module Information (5)

Tool	Description
list_modules	List loaded modules/DLLs
get_module_info	Get module details
get_module_exports	List module exports
get_module_imports	List module imports
resolve_symbol	Resolve symbol to address

Function Hooking (6)

Tool	Description
hook_function	Hook with callbacks
unhook_function	Remove hook
replace_function	Replace function return
hook_native_function	Hook with calling convention
list_hooks	List active hooks
intercept_module_function	Hook by module!function

Debugging (4)

Tool	Description
set_breakpoint	Set software breakpoint
remove_breakpoint	Remove breakpoint
list_breakpoints	List breakpoints
read_registers	Read CPU registers

Script Management (3)

Tool	Description
load_script	Load custom Frida JS
unload_script	Unload script
call_rpc	Call script RPC export

Window Interaction (5) - Windows Only

Tool	Description
list_windows	Enumerate visible windows
screenshot_window	Capture window to PNG/base64
screenshot_screen	Capture screen or region
send_key_to_window	Send keystrokes to window
focus_window	Bring window to foreground

Standard MCP (3)

Tool	Description
list_capabilities	List all tools
get_documentation	Get help and examples
check_installation	Verify Frida installed

Value Types

Type	Size	Description
int8	1 byte	Signed byte
uint8	1 byte	Unsigned byte
int16	2 bytes	Signed short
uint16	2 bytes	Unsigned short
int32	4 bytes	Signed int (most common)
uint32	4 bytes	Unsigned int
int64	8 bytes	Signed long
uint64	8 bytes	Unsigned long
float	4 bytes	Single precision
double	8 bytes	Double precision
string	Variable	Null-terminated string

Scan Regions

Region	Description
rw-	Read-write data (heap, stack, globals) - default for value scans
r-x	Executable code - default for pattern scans
rwx	Read-write-execute (rare, often exploitable)
r--	Read-only data

Platform Support

• Windows: Native support
• Linux: Native support
• macOS: Native support
• Android: Via frida-server
• iOS: Via frida-server (jailbroken)

Use Cases

• Game Hacking: Memory editing, value modification, trainer development
• Security Research: Vulnerability analysis, exploit development
• Reverse Engineering: Runtime analysis, API hooking
• Software Testing: Fault injection, behavior modification
• Malware Analysis: Dynamic analysis in sandboxed environments

Security Notice

This tool is intended for:

• Educational purposes
• Security research on software you own or have permission to test
• Game modding in single-player/offline contexts

Do not use for:

• Cheating in online multiplayer games
• Circumventing software protections illegally
• Any malicious purposes

Contributing

Contributions welcome! Please:

1. Fork the repository
2. Create a feature branch
3. Submit a pull request

License

MIT License - see LICENSE

Credits

• Built on Frida by Ole Andre Vadla Ravnas
• MCP protocol by Anthropic
• Inspired by Cheat Engine by Dark Byte

Links

• Frida Documentation
• MCP Specification
• Report Issues

---

Built for AI-assisted game hacking and security research.