| View previous topic :: View next topic |
| Author |
Message |
Gig
How do I cheat?
![]() Reputation: 0
Joined: 13 Jun 2010
Posts: 5
|
 Posted: Sun Jun 13, 2010 4:53 pm Post subject: Understanding Base-Pointers |
 |
|
Hey guys,
I got this one problem I've been struggling with for a while now, and I was hoping someone here would be able to clarify something for me.
In Cheat Engine when locating base pointers (Either manually tracking the address/offsets or using the scanner)
Often you end up with an address that looks similar to this:
processName + 12345
And not just a pure numeric value for address.
However if you inside the "Add Address" window keep an eye on whatever address it points to, and then browse the process's memory, in that area, you are able to tell that "processName + 12345" might be equivalent to "12345678"
Inside Cheat Engine both addresses will work just fine ("processName+1234" or "12345678")
However if you want to grab that address, and use it somewhere else in a different memory reader (your own advanced trainer / program for instance) then only the purely numeric representation of the base address will work.
So the big question, how does Cheat Engine translate "processName+12345" in to a valid address?
I tried going through the Cheat Engine source code, but i was unable to find the answer there.
Thank you for your time.
|
|
| Back to top |
|
 |
Slugsnack
Grandmaster Cheater Supreme
![]() Reputation: 71
Joined: 24 Jan 2007
Posts: 1857
|
| Posted: Sun Jun 13, 2010 5:19 pm Post subject: |
|
|
| Code: | | GetModuleHandle( _T( "ModuleName.dll" ) ) + offset; |
|
|
| Back to top |
|
|
Deltron Z
Expert Cheater
![]() Reputation: 1
Joined: 14 Jun 2009
Posts: 164
|
| Posted: Sun Jun 13, 2010 5:22 pm Post subject: |
|
|
Image Base + Relative Virtual Address.
Image Base for PE32 Executables are usually 0x00400000.
|
|
| Back to top |
|
|
iPromise
Grandmaster Cheater
![]() Reputation: -1
Joined: 27 Jun 2009
Posts: 529
Location: Canada
|
| Posted: Sun Jun 13, 2010 8:00 pm Post subject: |
|
|
@Deltron Z when you say that you confuse noobs.
Look, what you need to do is obtain the base address of the module then adding the offset giving you your final address which you read / write from. Like so:
| Code: |
// Example
// gdi32.dll + 1234A
DWORD Base = (DWORD) GetModuleHandleA("gdi32.dll");
DWORD Address = Base + 0x1234A;
|
|
|
| Back to top |
|
|
Slugsnack
Grandmaster Cheater Supreme
![]() Reputation: 71
Joined: 24 Jan 2007
Posts: 1857
|
| Posted: Sun Jun 13, 2010 8:39 pm Post subject: |
|
|
Are you very confused, iPromise ? lmfao. Thanks for packaging up my code and repeating it though.
| Deltron Z wrote: | | Image Base for PE32 Executables are usually 0x00400000. |
That is only the case for the main module.
|
|
| Back to top |
|
|
iPromise
Grandmaster Cheater
![]() Reputation: -1
Joined: 27 Jun 2009
Posts: 529
Location: Canada
|
| Posted: Sun Jun 13, 2010 9:46 pm Post subject: |
|
|
@Slugsnack
Are you illiterate?
I wrote:
| Quote: |
when you say that you confuse noobs.
|
And no i'm not a noob, I know how to use C++ so grow up and fuck off.
Alright, heres 2 other ways to do it since Asssnack wants to bitch about copying his code:
| Code: |
// Example
// gdi32.dll + 1234A
DWORD Base;
MODULEENTRY32 ME;
ME.dwSize = sizeof(MODULEENTRY32);
HANDLE Snapshot = CreateToolhelpSnapshot32(TH32CS_SNAPALL, 0);
if (Module32First(Snapshot, &ME))
{
while (Module32Next(Snapshot, &ME))
{
if (!strcmp(ME.szModule, "gdi32.dll"))
{
Base = (DWORD) ME.modBaseAddr;
}
}
}
DWORD Address = Base + 0x1234A;
|
| Code: |
DWORD Base = (DWORD) LoadLibraryA("gdi32.dll"); // depends
DWORD Address = Base + 0x1234A;
|
Also, he meant to grab the images base address and add it with the offset.
|
|
| Back to top |
|
|
Gig
How do I cheat?
![]() Reputation: 0
Joined: 13 Jun 2010
Posts: 5
|
| Posted: Mon Jun 14, 2010 2:07 am Post subject: |
|
|
Thank you very much, it was all very helpful to me.
Thank you.
|
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
