Cheat Engine The Official Site of Cheat Engine
zhenyad How do I cheat? Reputation: 0
Joined: 17 Jul 2015 Posts: 4
Posted: Fri Jul 17, 2015 7:58 am Post subject: how to understand the Pointer Scan Result

Hello!
I found a static address and three offsets.
http ://savepic.su/5856578.jpg (sorry, I can't post URLs yet ^^)
And I want to calculate the dynamic address programmatically.
But I don't understand what the "->" operation is (see screenshot).
For example, 1D735F54 + A74 = 1D7369C8 - that's correct, but
029BBFB8+68 = 29BC020 (029BBFB8+68 -> 1D735C18)
How do I understand the "->" operation?
Thanks in advance!
Matze500 Expert Cheater Reputation: 8
Joined: 25 Jan 2012 Posts: 241 Location: Germany
Posted: Fri Jul 17, 2015 9:17 am

Address + Offset = Address
[Address+Offset] -> Address value in Hex
That should explain the operators.
zhenyad How do I cheat? Reputation: 0
Joined: 17 Jul 2015 Posts: 4
Posted: Fri Jul 17, 2015 10:08 am

Matze500 wrote: | Address + Offset = Address
[Address+Offset] -> Address value in Hex
That should explain the operators. |
But the address is already in hex. Am I wrong?
Please show me how to calculate this expression:
[029BBFB8+68] -> 1D735C18
I'm confused.
Gniarf Grandmaster Cheater Supreme Reputation: 43
Joined: 12 Mar 2012 Posts: 1285
Posted: Fri Jul 17, 2015 10:12 am

zhenyad wrote: | [029BBFB8+68] -> 1D735C18 |
029BBFB8+68=29BC020. Read what is at 29BC020 and you'll find that it is written 1D735C18 there.
_________________
DO NOT PM me if you want help on making/fixing/using a hack.
zhenyad How do I cheat? Reputation: 0
Joined: 17 Jul 2015 Posts: 4
Posted: Fri Jul 17, 2015 11:22 pm

I'm trying to understand:
http ://savepic.su/5874826.jpg
See the screenshot.
1. I read the memory at the base address into a temp var.
Memory tempMemory = readMemory(process,baseAddress,4);
2. I read the memory value (I need A2BFB8):
long addressValue = temp2.getInt(0);
But addressValue in hex = 2E4AE9EC, and the next calculation is useless.
P.S. The readMemory function is correct: when I call readMemory with the dynamic address, it returns the correct value.
Matze500 Expert Cheater Reputation: 8
Joined: 25 Jan 2012 Posts: 241 Location: Germany
Posted: Sat Jul 18, 2015 1:26 am

About your last picture: "???.exe"+??? - the whole thing is the base address.
This is my code in C# to get the final address value from a pointer.
With this code the first offset has to be 0.
Normal Pointer: "bla.exe+16864B"+18+24+9+A
Program Pointer: "bla.exe+16864B"+0+18+24+9+A
iv_Address -> "bla.exe+16864B"
av_Offsets -> 0;18;24;9
sv_Type -> int, float, etc.
Code: |
// Requires: using System;
public void ReadProcessPionterMemory(IntPtr iv_Address, IntPtr[] av_Offset, MemoryByteFlags sv_Type, out IntPtr finalAddress, out byte[] finalValue)
{
    int offsetCount = av_Offset.Length;
    IntPtr ptrRead = iv_Address;
    IntPtr tmp_Address = IntPtr.Zero;
    byte[] read = new byte[(uint)sv_Type];
    for (int i = 0; i < offsetCount; i++)
    {
        // Address of this level = pointer read at the previous level + offset
        tmp_Address = IntPtr.Add(ptrRead, av_Offset[i].ToInt32());
        int bytesRead = 0;
        bool last = (i == offsetCount - 1);
        // Intermediate levels hold a 32-bit pointer, so read 4 bytes there;
        // only the last level is read with the size of the value type.
        // (Reading sv_Type bytes everywhere breaks ToInt32 for 1- and 2-byte types.)
        read = ReadProcessMemory(tmp_Address, last ? (uint)sv_Type : 4u, out bytesRead);
        if (!last)
            ptrRead = new IntPtr(BitConverter.ToInt32(read, 0));
    }
    finalAddress = tmp_Address; // address of the value itself
    finalValue = read;          // raw bytes of the value
}
|
zhenyad How do I cheat? Reputation: 0
Joined: 17 Jul 2015 Posts: 4
Posted: Sun Jul 19, 2015 12:49 am

Thanks! Everything is working!
My solution to find the base and dynamic address in Java (using JNA):
1. Find Process id (by exe Name)
Code: |
// Looks the window up by its title and returns the id of the owning process
public static int getProcessId(String window) {
    IntByReference pid = new IntByReference(0);
    user32.GetWindowThreadProcessId(user32.FindWindowA(null, window), pid);
    return pid.getValue();
}
|
2. Find Process Pointer (by Process ID)
Code: | process = Kernel32.INSTANCE.OpenProcess(PROCESS_ALL_ACCESS, false, PID); |
3. Find Base Address (using the native function EnumProcessModulesEx with flag 0x01)
Other solutions on Stack Overflow are based on returning m.getLpBaseOfDll, but the correct result is m.getEntryPoint
Code: |
public int getBaseAddress(String processName) throws Exception {
    List<Module> hModules = PsapiTools.getInstance().EnumProcessModules(process);
    for (Module m : hModules) {
        if (m.getBaseName().equals(processName)) {
            // 32-bit target: the address fits in an int
            return (int) Pointer.nativeValue(m.getEntryPoint());
        }
    }
    return 0; // module not found
}

public List<Module> EnumProcessModules(Pointer hProcess) throws Exception {
    List<Module> list = new LinkedList<>();
    Pointer[] lphModule = new Pointer[256];
    IntByReference lpcbNeededs = new IntByReference();
    // The cb argument is the size of the array in bytes, not the element count
    boolean success = Psapi.INSTANCE.EnumProcessModulesEx(hProcess, lphModule,
            lphModule.length * Native.POINTER_SIZE, lpcbNeededs, 0x01);
    if (!success) {
        int err = Native.getLastError();
        throw new Exception("EnumProcessModules failed. Error: " + err);
    }
    // lpcbNeeded can exceed the buffer, so never index past the array
    int count = Math.min(lpcbNeededs.getValue() / Native.POINTER_SIZE, lphModule.length);
    for (int i = 0; i < count; i++) {
        list.add(new Module(hProcess, lphModule[i]));
    }
    return list;
}
|
4. Find dyn address
Code: |
public long findDynAddress(int[] offsets, long baseAddress)
{
    int size = 4; // 32-bit target: every pointer in the chain is 4 bytes
    Memory pTemp = new Memory(size);
    long pointerAddress = baseAddress;
    for (int i = 0; i < offsets.length; i++)
    {
        // Read the pointer stored at the current address...
        kernel32.ReadProcessMemory(process, pointerAddress, pTemp, size, null);
        // ...and add this level's offset. The mask keeps addresses above
        // 0x7FFFFFFF from being sign-extended into a negative long.
        pointerAddress = (pTemp.getInt(0) & 0xFFFFFFFFL) + offsets[i];
    }
    // The last sum is the dynamic address; it is not dereferenced here
    return pointerAddress;
}
|
And the call:
Code: |
int pid = jna.getProcessId(processName);
Pointer process = Kernel32.INSTANCE.OpenProcess(PROCESS_ALL_ACCESS, false, pid);
int currentProcessAddress = jna.getBaseAddress(processName);
long currentDynamicAddress = jna.findDynAddress(offsets, baseAddress+currentProcessAddress);
|
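The dereference-then-add rule worked out in this thread, as an added C example that is not code from any of the posters. Memory is a constructed lookup table instead of a live process; the base slot 00400100 and the middle offset 10 are made-up values, while the other addresses are the ones quoted in the posts above.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for a 32-bit target's memory: address -> 4-byte value.
   A real tool would call ReadProcessMemory here instead. */
struct cell { uint32_t addr, value; };
static const struct cell MEM[] = {
    { 0x00400100u, 0x029BBFB8u },  /* constructed static base slot         */
    { 0x029BC020u, 0x1D735C18u },  /* from the thread: [029BBFB8+68]       */
    { 0x1D735C28u, 0x1D735F54u },  /* constructed middle level (offset 10) */
};
static const uint32_t DEMO_OFFS[] = { 0x68, 0x10, 0xA74 };

/* Read one 32-bit pointer; returns 0 if the address is not mapped. */
static int read_u32(uint32_t addr, uint32_t *out) {
    for (size_t i = 0; i < sizeof MEM / sizeof MEM[0]; i++)
        if (MEM[i].addr == addr) { *out = MEM[i].value; return 1; }
    return 0;
}

/* Per level: dereference the current address ("->"), then add the offset.
   The last sum is the dynamic address and is NOT dereferenced.
   Returns 0 on success, or the 1-based level whose read failed. */
int resolve_chain(uint32_t base, const uint32_t *offs, size_t n, uint32_t *final) {
    uint32_t addr = base;
    for (size_t i = 0; i < n; i++) {
        uint32_t ptr;
        if (!read_u32(addr, &ptr)) return (int)i + 1;
        addr = ptr + offs[i];
    }
    *final = addr;
    return 0;
}

int main(void) {
    uint32_t dyn;
    int rc = resolve_chain(0x00400100u, DEMO_OFFS, 3, &dyn);
    if (rc) printf("read failed at level %d\n", rc);
    else printf("dynamic address = %08X\n", (unsigned)dyn);
    return rc;
}
```

Reporting the level at which a read fails shows which offset in a pointer scan result has gone stale.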