Frida Game Hacking MCP

A Model Context Protocol (MCP) server that provides Cheat Engine-like capabilities for game hacking through Frida. Enables AI assistants and automation tools to perform memory scanning, value modification, pattern matching, function hooking, and code injection.

MCP Python Frida License

Features

Memory Operations (Cheat Engine Style)

Value Scanning: Find values in memory by type (int8-64, float, double, string)
Scan Refinement: Narrow results with scan_next, scan_changed, scan_unchanged
Pattern Scanning: Array of Bytes (AoB) with wildcard support (??)
Memory Read/Write: Read and modify memory with type awareness

Function Hooking & Code Injection

Intercept Functions: Hook with onEnter/onLeave JavaScript callbacks
Replace Functions: Make functions return custom values
Module Hooking: Hook by module!function name
Symbol Resolution: Resolve exports to addresses

Process Management

Process Enumeration: List and filter running processes
Attach/Detach: Connect to running processes
Spawn & Resume: Start processes suspended for early hooking

Debugging

Breakpoints: Software breakpoints via hooks
Register Access: Read CPU registers at breakpoints
Module Analysis: List modules, exports, imports

Window Interaction (Windows)

Screenshot Capture: Take screenshots of game windows
Keyboard Input: Send keystrokes to game windows
Window Management: List, focus, and interact with windows

Installation

# Install from PyPI (coming soon) pip install frida-game-hacking-mcp # Or install from source git clone https://github.com/0xhackerfren/frida-game-hacking-mcp.git cd frida-game-hacking-mcp pip install -e .

Requirements

Python 3.10+
Frida 16.0+
pywin32, pillow (Windows, for screenshot features)

pip install frida frida-tools mcp pillow # On Windows, also install: pip install pywin32

Quick Start

Run the MCP Server

# Run directly python -m frida_game_hacking_mcp # Or use the entry point frida-game-hacking-mcp

Configure with Claude Desktop

Add to your claude_desktop_config.json:

{ "mcpServers": { "frida-game-hacking": { "command": "python", "args": ["-m", "frida_game_hacking_mcp"] } } }

Configure with Other MCP Clients

The server uses stdio transport by default. Connect using:

Command: python -m frida_game_hacking_mcp
Transport: stdio

Usage Examples

Cheat Engine Workflow: Find and Modify Health

1. List processes and find your game > list_processes("game") 2. Attach to the game > attach("game.exe") 3. Initial scan for current health value (e.g., 100) > scan_value(100, "int32") Found: 58,869 addresses 4. Take damage in game (health now 95) > scan_next(95) Narrowed to: 1,419 addresses 5. Repeat until you find the address > scan_next(90) Narrowed to: 3 addresses 6. Get results and modify > get_scan_results() > write_memory("0x12345678", "E7030000") # 999 in little-endian

Array of Bytes Pattern Scanning

# Find code pattern (works across game updates) > attach("game.exe") > scan_pattern("89 47 44 ?? ?? 5B 7A", "r-x") Found: 2 matches # ?? = wildcard bytes # "r-x" = executable memory regions

Function Hooking

# Hook a function and log calls > hook_function("0x401234", on_enter="console.log('Args:', args[0], args[1]);", on_leave="console.log('Return:', retval);") # Make a function always return success > replace_function("0x401234", 1) # Hook by module and function name > intercept_module_function("game.dll", "CheckLicense", on_leave="retval.replace(1);")

Early Hooking (Spawn Suspended)

# Start process suspended > spawn("C:/Games/game.exe") # Set up hooks before code runs > hook_function("0x401234", on_enter="...") # Resume execution > resume()

Available Tools (42 Total)

Process Management (6)

Tool	Description
`list_processes`	Enumerate running processes
`attach`	Attach to process by name or PID
`detach`	Detach from current process
`spawn`	Start process suspended
`resume`	Resume spawned process
`get_session_info`	Get current session status

Memory Operations (10)

Tool	Description
`read_memory`	Read bytes at address
`write_memory`	Write bytes/values to address
`scan_value`	Initial scan for exact value
`scan_next`	Narrow scan with new value
`scan_changed`	Find changed values
`scan_unchanged`	Find unchanged values
`scan_pattern`	AoB pattern scan with wildcards
`get_scan_results`	Get current scan results
`clear_scan`	Reset scan state
`list_memory_regions`	List memory regions

Module Information (5)

Tool	Description
`list_modules`	List loaded modules/DLLs
`get_module_info`	Get module details
`get_module_exports`	List module exports
`get_module_imports`	List module imports
`resolve_symbol`	Resolve symbol to address

Function Hooking (6)

Tool	Description
`hook_function`	Hook with callbacks
`unhook_function`	Remove hook
`replace_function`	Replace function return
`hook_native_function`	Hook with calling convention
`list_hooks`	List active hooks
`intercept_module_function`	Hook by module!function

Debugging (4)

Tool	Description
`set_breakpoint`	Set software breakpoint
`remove_breakpoint`	Remove breakpoint
`list_breakpoints`	List breakpoints
`read_registers`	Read CPU registers

Script Management (3)

Tool	Description
`load_script`	Load custom Frida JS
`unload_script`	Unload script
`call_rpc`	Call script RPC export

Window Interaction (5) - Windows Only

Tool	Description
`list_windows`	Enumerate visible windows
`screenshot_window`	Capture window to PNG/base64
`screenshot_screen`	Capture screen or region
`send_key_to_window`	Send keystrokes to window
`focus_window`	Bring window to foreground

Standard MCP (3)

Tool	Description
`list_capabilities`	List all tools
`get_documentation`	Get help and examples
`check_installation`	Verify Frida installed

Value Types

Type	Size	Description
`int8`	1 byte	Signed byte
`uint8`	1 byte	Unsigned byte
`int16`	2 bytes	Signed short
`uint16`	2 bytes	Unsigned short
`int32`	4 bytes	Signed int (most common)
`uint32`	4 bytes	Unsigned int
`int64`	8 bytes	Signed long
`uint64`	8 bytes	Unsigned long
`float`	4 bytes	Single precision
`double`	8 bytes	Double precision
`string`	Variable	Null-terminated string

Scan Regions

Region	Description
`rw-`	Read-write data (heap, stack, globals) - default for value scans
`r-x`	Executable code - default for pattern scans
`rwx`	Read-write-execute (rare, often exploitable)
`r--`	Read-only data

Platform Support

Windows: Native support
Linux: Native support
macOS: Native support
Android: Via frida-server
iOS: Via frida-server (jailbroken)

Use Cases

Game Hacking: Memory editing, value modification, trainer development
Security Research: Vulnerability analysis, exploit development
Reverse Engineering: Runtime analysis, API hooking
Software Testing: Fault injection, behavior modification
Malware Analysis: Dynamic analysis in sandboxed environments

Security Notice

This tool is intended for:

Educational purposes
Security research on software you own or have permission to test
Game modding in single-player/offline contexts

Do not use for:

Cheating in online multiplayer games
Circumventing software protections illegally
Any malicious purposes

Contributing

Contributions welcome! Please:

Fork the repository
Create a feature branch
Submit a pull request

License

MIT License - see LICENSE

Credits

Built on Frida by Ole Andre Vadla Ravnas
MCP protocol by Anthropic
Inspired by Cheat Engine by Dark Byte

Links

Built for AI-assisted game hacking and security research.

This server cannot be installed

-

security - not tested

A

license - permissive license

-

quality - not tested

How are these scores calculated?

Resources

GitHub Repository

Need Help?

Report Issue

Related Servers