xtreamaj Cheater Reputation: 0
Joined: 28 May 2007 Posts: 34 Location: Behind you
Posted: Sat Aug 21, 2010 10:26 am Post subject: Process name+Address?
Hello,
I've noticed some addresses appear like this while scanning some values
Process.exe+Address or something.dll+address
I did notice that for some people it would appear differently from me (the calculation after Process+address)
What does this mean, and can I put this type of address in C?
Objectivity How do I cheat? Reputation: 0
Joined: 14 Aug 2010 Posts: 1
Posted: Sat Aug 21, 2010 11:50 am
It's not an address, it's the offset.
Yes, it can be done in "C" and "CE"
atom0s Moderator Reputation: 199
Joined: 25 Jan 2006 Posts: 8519 Location: 127.0.0.1
xtreamaj Cheater Reputation: 0
Joined: 28 May 2007 Posts: 34 Location: Behind you
Posted: Sat Aug 21, 2010 5:33 pm Post subject: Re: Process name+Address?
Wiccaan wrote:
> xtreamaj wrote:
> > Hello,
> > I've noticed some addresses appear like this while scanning some values
> > Process.exe+Address or something.dll+address
> > I did notice that for some people it would appear differently from me (the calculation after Process+address)
> > What does this mean, and can I put this type of address in C?
>
> It is symbol+offset, not +address. And yes you can obtain the symbol addresses in C, you can use either:
> - CreateToolhelp32Snapshot with Process32First/Module32First
> - PSAPI using EnumProcessModules / EnumProcessModulesEx
> - Or various other methods such as Nt API or manually walking the process information and so on.

Could I please get more information on how to use it.. I have never seen that kind of instruction before
XaLeX Expert Cheater Reputation: 0
Joined: 19 Aug 2008 Posts: 226
Posted: Sat Aug 21, 2010 5:40 pm Post subject: Re: Process name+Address?
xtreamaj wrote:
> Wiccaan wrote:
> > - CreateToolhelp32Snapshot with Process32First/Module32First
> > - PSAPI using EnumProcessModules / EnumProcessModulesEx
> > - Or various other methods such as Nt API or manually walking the process information and so on.
>
> Could I please get more information on how to use it.. I have never seen that kind of instruction before

Those are all functions. Check the Microsoft Developer Network for info about how to use them.
Grytolle How do I cheat? Reputation: 0
Joined: 27 Nov 2006 Posts: 6
Posted: Sat Aug 21, 2010 6:28 pm
So which function should the poster read up on in order to find out how to find the AllocationBase (as it seems to be called in CE's memory view) of a certain module (plus.dll, as it happens)?
_________________
Reputation: 0? No way, it should be "101" since I'm so fynny
justa_dude Grandmaster Cheater Reputation: 23
Joined: 29 Jun 2010 Posts: 891
Posted: Sun Aug 22, 2010 7:38 am
Any of the options Wicca gave would work. A module's handle is equivalent to the address at which it is loaded. A Windows executable is also a module, so you can get the virtual base by requesting a handle to the executable. If you're running from an injected DLL, it's a little easier - you can simply call GetModuleHandle.
Cheers,
adude
atom0s Moderator Reputation: 199
Joined: 25 Jan 2006 Posts: 8519 Location: 127.0.0.1
Posted: Mon Aug 23, 2010 10:33 am Post subject: Re: Process name+Address?
xtreamaj wrote:
> Could I please get more information on how to use it.. I have never seen that kind of instruction before

As XaLeX pointed out, all the information you need for each of the API I listed can be found on the MSDN. You can find tons of examples on these forums, as well as with Google if you need further assistance with understanding them.

Grytolle wrote:
> So which function should the poster read up on in order to find out how to find the AllocationBase (as it seems to be called in CE's memory view) of a certain module (plus.dll, as it happens)?

The API I listed work in similar ways but only one of the methods is needed to obtain the info. It is up to you which one you pick. The game may have anti-cheat measures to block one or more of the methods above as well, so you need to check and see which works best for your situation.
For CreateToolhelp32Snapshot method, look up:
- CreateToolhelp32Snapshot
- Process32First
- Process32Next
- Module32First
- Module32Next
- CloseHandle
For EnumProcessModules method, look up:
- OpenProcess
- EnumProcessModules or EnumProcessModulesEx
- GetModuleBaseName
- GetModuleFileNameEx
- GetModuleInformation
There are other methods you can do yourself as well but for a beginner level, using API is probably your better / faster choice.
_________________
- Retired.
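
Added example, not part of any post in this thread: a portable C sketch of the module+offset notation the thread discusses, showing why the same `something.dll+offset` gives a different absolute address when the module's load base differs between runs or machines. The module names come from the first post; the bases, sizes, offset and the `module_t`, `resolve` and `symbolize` names are constructed for illustration, and on Windows the table would be filled from one of the enumeration APIs listed above.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct { const char *name; uint64_t base; uint32_t size; } module_t;

/* Constructed sample data: the same two modules as seen in two different runs. */
static const module_t RUN_A[] = { {"Process.exe", 0x00400000, 0x1F000}, {"something.dll", 0x10000000, 0x8000} };
static const module_t RUN_B[] = { {"Process.exe", 0x00400000, 0x1F000}, {"something.dll", 0x6E2A0000, 0x8000} };

/* Case-insensitive match of a module name against the first n chars of spec. */
static int name_eq(const char *name, const char *spec, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)name[i]) != tolower((unsigned char)spec[i])) return 0;
    return name[n] == '\0';
}

/* Resolve "module+hexoffset" to an absolute address. Returns 0 if the text is
   malformed, the module is not in the table, or the offset is outside the image. */
uint64_t resolve(const module_t *mods, size_t count, const char *spec) {
    const char *plus = strchr(spec, '+');
    if (!plus || plus == spec) return 0;
    char *end;
    uint64_t off = strtoull(plus + 1, &end, 16);
    if (end == plus + 1 || *end != '\0') return 0;
    for (size_t i = 0; i < count; i++)
        if (name_eq(mods[i].name, spec, (size_t)(plus - spec)))
            return off < mods[i].size ? mods[i].base + off : 0;
    return 0;
}

/* Format an absolute address as "module+offset". Returns 0 if no module contains it. */
int symbolize(const module_t *mods, size_t count, uint64_t addr, char *out, size_t outlen) {
    for (size_t i = 0; i < count; i++)
        if (addr >= mods[i].base && addr - mods[i].base < mods[i].size) {
            snprintf(out, outlen, "%s+%llX", mods[i].name, (unsigned long long)(addr - mods[i].base));
            return 1;
        }
    return 0;
}

int main(void) {
    char buf[64];
    printf("run A: %llX\n", (unsigned long long)resolve(RUN_A, 2, "something.dll+1A2C"));
    printf("run B: %llX\n", (unsigned long long)resolve(RUN_B, 2, "something.dll+1A2C"));
    if (symbolize(RUN_B, 2, 0x6E2A1A2CULL, buf, sizeof buf)) puts(buf);
    return 0;
}
```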