MCP server for game hacking with Frida - Cheat Engine-like memory scanning, hooking, and code injection
Project description
Frida Game Hacking MCP
A Model Context Protocol (MCP) server that provides Cheat Engine-like capabilities for game hacking through Frida. Enables AI assistants and automation tools to perform memory scanning, value modification, pattern matching, function hooking, and code injection.
Features
Memory Operations (Cheat Engine Style)
- Value Scanning: Find values in memory by type (int8-64, float, double, string)
- Scan Refinement: Narrow results with
scan_next,scan_changed,scan_unchanged - Pattern Scanning: Array of Bytes (AoB) with wildcard support (
??) - Memory Read/Write: Read and modify memory with type awareness
Function Hooking & Code Injection
- Intercept Functions: Hook with
onEnter/onLeaveJavaScript callbacks - Replace Functions: Make functions return custom values
- Module Hooking: Hook by
module!functionname - Symbol Resolution: Resolve exports to addresses
Process Management
- Process Enumeration: List and filter running processes
- Attach/Detach: Connect to running processes
- Spawn & Resume: Start processes suspended for early hooking
Debugging
- Breakpoints: Software breakpoints via hooks
- Register Access: Read CPU registers at breakpoints
- Module Analysis: List modules, exports, imports
Window Interaction (Windows)
- Screenshot Capture: Take screenshots of game windows
- Keyboard Input: Send keystrokes to game windows
- Window Management: List, focus, and interact with windows
Installation
# Install from PyPI (coming soon)
pip install frida-game-hacking-mcp
# Or install from source
git clone https://github.com/0xhackerfren/frida-game-hacking-mcp.git
cd frida-game-hacking-mcp
pip install -e .
Requirements
- Python 3.10+
- Frida 16.0+
- pywin32, pillow (Windows, for screenshot features)
pip install frida frida-tools mcp pillow
# On Windows, also install:
pip install pywin32
Quick Start
Run the MCP Server
# Run directly
python -m frida_game_hacking_mcp
# Or use the entry point
frida-game-hacking-mcp
Configure with Claude Desktop
Add to your claude_desktop_config.json:
{
"mcpServers": {
"frida-game-hacking": {
"command": "python",
"args": ["-m", "frida_game_hacking_mcp"]
}
}
}
Configure with Other MCP Clients
The server uses stdio transport by default. Connect using:
- Command:
python -m frida_game_hacking_mcp - Transport: stdio
Usage Examples
Cheat Engine Workflow: Find and Modify Health
1. List processes and find your game
> list_processes("game")
2. Attach to the game
> attach("game.exe")
3. Initial scan for current health value (e.g., 100)
> scan_value(100, "int32")
Found: 58,869 addresses
4. Take damage in game (health now 95)
> scan_next(95)
Narrowed to: 1,419 addresses
5. Repeat until you find the address
> scan_next(90)
Narrowed to: 3 addresses
6. Get results and modify
> get_scan_results()
> write_memory("0x12345678", "E7030000") # 999 in little-endian
Array of Bytes Pattern Scanning
# Find code pattern (works across game updates)
> attach("game.exe")
> scan_pattern("89 47 44 ?? ?? 5B 7A", "r-x")
Found: 2 matches
# ?? = wildcard bytes
# "r-x" = executable memory regions
Function Hooking
# Hook a function and log calls
> hook_function("0x401234",
on_enter="console.log('Args:', args[0], args[1]);",
on_leave="console.log('Return:', retval);")
# Make a function always return success
> replace_function("0x401234", 1)
# Hook by module and function name
> intercept_module_function("game.dll", "CheckLicense",
on_leave="retval.replace(1);")
Early Hooking (Spawn Suspended)
# Start process suspended
> spawn("C:/Games/game.exe")
# Set up hooks before code runs
> hook_function("0x401234", on_enter="...")
# Resume execution
> resume()
Available Tools (42 Total)
Process Management (6)
| Tool | Description |
|---|---|
list_processes |
Enumerate running processes |
attach |
Attach to process by name or PID |
detach |
Detach from current process |
spawn |
Start process suspended |
resume |
Resume spawned process |
get_session_info |
Get current session status |
Memory Operations (10)
| Tool | Description |
|---|---|
read_memory |
Read bytes at address |
write_memory |
Write bytes/values to address |
scan_value |
Initial scan for exact value |
scan_next |
Narrow scan with new value |
scan_changed |
Find changed values |
scan_unchanged |
Find unchanged values |
scan_pattern |
AoB pattern scan with wildcards |
get_scan_results |
Get current scan results |
clear_scan |
Reset scan state |
list_memory_regions |
List memory regions |
Module Information (5)
| Tool | Description |
|---|---|
list_modules |
List loaded modules/DLLs |
get_module_info |
Get module details |
get_module_exports |
List module exports |
get_module_imports |
List module imports |
resolve_symbol |
Resolve symbol to address |
Function Hooking (6)
| Tool | Description |
|---|---|
hook_function |
Hook with callbacks |
unhook_function |
Remove hook |
replace_function |
Replace function return |
hook_native_function |
Hook with calling convention |
list_hooks |
List active hooks |
intercept_module_function |
Hook by module!function |
Debugging (4)
| Tool | Description |
|---|---|
set_breakpoint |
Set software breakpoint |
remove_breakpoint |
Remove breakpoint |
list_breakpoints |
List breakpoints |
read_registers |
Read CPU registers |
Script Management (3)
| Tool | Description |
|---|---|
load_script |
Load custom Frida JS |
unload_script |
Unload script |
call_rpc |
Call script RPC export |
Window Interaction (5) - Windows Only
| Tool | Description |
|---|---|
list_windows |
Enumerate visible windows |
screenshot_window |
Capture window to PNG/base64 |
screenshot_screen |
Capture screen or region |
send_key_to_window |
Send keystrokes to window |
focus_window |
Bring window to foreground |
Standard MCP (3)
| Tool | Description |
|---|---|
list_capabilities |
List all tools |
get_documentation |
Get help and examples |
check_installation |
Verify Frida installed |
Value Types
| Type | Size | Description |
|---|---|---|
int8 |
1 byte | Signed byte |
uint8 |
1 byte | Unsigned byte |
int16 |
2 bytes | Signed short |
uint16 |
2 bytes | Unsigned short |
int32 |
4 bytes | Signed int (most common) |
uint32 |
4 bytes | Unsigned int |
int64 |
8 bytes | Signed long |
uint64 |
8 bytes | Unsigned long |
float |
4 bytes | Single precision |
double |
8 bytes | Double precision |
string |
Variable | Null-terminated string |
Scan Regions
| Region | Description |
|---|---|
rw- |
Read-write data (heap, stack, globals) - default for value scans |
r-x |
Executable code - default for pattern scans |
rwx |
Read-write-execute (rare, often exploitable) |
r-- |
Read-only data |
Platform Support
- Windows: Native support
- Linux: Native support
- macOS: Native support
- Android: Via frida-server
- iOS: Via frida-server (jailbroken)
Use Cases
- Game Hacking: Memory editing, value modification, trainer development
- Security Research: Vulnerability analysis, exploit development
- Reverse Engineering: Runtime analysis, API hooking
- Software Testing: Fault injection, behavior modification
- Malware Analysis: Dynamic analysis in sandboxed environments
Security Notice
This tool is intended for:
- Educational purposes
- Security research on software you own or have permission to test
- Game modding in single-player/offline contexts
Do not use for:
- Cheating in online multiplayer games
- Circumventing software protections illegally
- Any malicious purposes
Contributing
Contributions welcome! Please:
- Fork the repository
- Create a feature branch
- Submit a pull request
License
MIT License - see LICENSE
Credits
- Built on Frida by Ole Andre Vadla Ravnas
- MCP protocol by Anthropic
- Inspired by Cheat Engine by Dark Byte
Links
Built for AI-assisted game hacking and security research.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file iflow_mcp_0xhackerfren_frida_game_hacking_mcp-1.1.0.tar.gz.
File metadata
- Download URL: iflow_mcp_0xhackerfren_frida_game_hacking_mcp-1.1.0.tar.gz
- Upload date:
- Size: 19.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.10.0 {"installer":{"name":"uv","version":"0.10.0","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Debian GNU/Linux","version":"13","id":"trixie","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
9b537c83b732c6b6d16ef2ed3af06d2828c03ab5253da99c1d183466ff45b487
|
|
| MD5 |
3d6e2ce998f2c4c46906c227088580be
|
|
| BLAKE2b-256 |
2c0c6420de1c105e0928416faecda1aae388349b223bfab6c9d5f12ad795d2a4
|
File details
Details for the file iflow_mcp_0xhackerfren_frida_game_hacking_mcp-1.1.0-py3-none-any.whl.
File metadata
- Download URL: iflow_mcp_0xhackerfren_frida_game_hacking_mcp-1.1.0-py3-none-any.whl
- Upload date:
- Size: 21.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.10.0 {"installer":{"name":"uv","version":"0.10.0","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Debian GNU/Linux","version":"13","id":"trixie","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
36579024ad279790891aa9629da0487ae24cfd6c50f27ba99233e10793a12a0c
|
|
| MD5 |
ccb579d98948eb719464756c5620939f
|
|
| BLAKE2b-256 |
0ee0a65016132fcb50af1d40412d92a778de4fd1700fe3214d4d099f9dc3bf4d
|
