how to understand the Pointer Scan Result

 
zhenyad
Posted: Fri Jul 17, 2015 7:58 am    Post subject: how to understand the Pointer Scan Result

Hello!


I found a static address and three offsets.

http ://savepic.su/5856578.jpg (sorry, I can't post URLs yet ^^)


And I want to calculate the dynamic address programmatically.

But I don't understand what the "->" operation is (see screenshot)

For example, 1D735F54 + A74 = 1D7369C8 - it's correct, but

029BBFB8+68 = 29BC020 (029BBFB8+68 -> 1D735C18)


How do I understand the "->" operation?

Thanks in advance!
Matze500
Posted: Fri Jul 17, 2015 9:17 am

Address + Offset = Address

[Address+Offset] -> Address value in Hex

That should explain the operators.

zhenyad
Posted: Fri Jul 17, 2015 10:08 am

Matze500 wrote:
Address + Offset = Address

[Address+Offset] -> Address value in Hex

That should explain the operators.


But the address is already in hex. Am I wrong?

Please show me how to calculate this expression:

[029BBFB8+68] -> 1D735C18

I'm confused :(
Gniarf
Posted: Fri Jul 17, 2015 10:12 am

zhenyad wrote:
[029BBFB8+68] -> 1D735C18

029BBFB8+68=29BC020. Read what is at 29BC020 and you'll find that it is written 1D735C18 there.

_________________
DO NOT PM me if you want help on making/fixing/using a hack.
zhenyad
Posted: Fri Jul 17, 2015 11:22 pm

I'm trying to understand:

http ://savepic.su/5874826.jpg

See screenshot

1. I read the memory at the base address into a temp var.

Memory tempMemory = readMemory(process,baseAddress,4);

2. I read the memory value (I need A2BFB8):

long addressValue = temp2.getInt(0);

but addressValue in hex = 2E4AE9EC and the next calculation is useless.


P.S. The readMemory function is correct; when I call readMemory with the dynamic address, it returns the correct value.
Matze500
Posted: Sat Jul 18, 2015 1:26 am

Regarding your last picture: "???.exe"+??? as a whole is the base address.

This is my code in C# to get the final Address Value from a Pointer.

With this code the first offset has to be 0.

Normal Pointer: "bla.exe+16864B"+18+24+9+A
Program Pointer: "bla.exe+16864B"+0+18+24+9+A

iv_Address -> "bla.exe+16864B"
av_Offsets -> 0;18;24;9
sv_Type int,float,etc

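Code:
public void ReadProcessPionterMemory(IntPtr iv_Address, IntPtr[] av_Offset, MemoryByteFlags sv_Type, out IntPtr finalAddress, out byte[] finalValue)
{
    int last = av_Offset.Length - 1;
    IntPtr ptrRead = iv_Address;
    IntPtr tmp_Address = IntPtr.Zero;
    byte[] read = new byte[(uint)sv_Type];

    for (int i = 0; i <= last; i++)
    {
        // Address of the next link in the chain: current pointer value + offset.
        tmp_Address = IntPtr.Add(ptrRead, av_Offset[i].ToInt32());

        // Intermediate links hold 32-bit pointers, so read 4 bytes there;
        // only the last link holds the value of type sv_Type.
        uint size = (i < last) ? 4u : (uint)sv_Type;

        int bytesRead = 0;
        read = ReadProcessMemory(tmp_Address, size, out bytesRead);

        // Follow the pointer only while there are offsets left to apply.
        if (i < last)
            ptrRead = new IntPtr(BitConverter.ToInt32(read, 0));
    }

    finalAddress = tmp_Address; // address the last offset points at
    finalValue = read;          // raw bytes stored at that address
}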

zhenyad
Posted: Sun Jul 19, 2015 12:49 am

Thanks! Everything is working!


My solution to find the base and dynamic address in Java (using JNA)

1. Find Process id (by exe Name)

Code:
public static int getProcessId(String window) {
    IntByReference pid = new IntByReference(0);
    user32.GetWindowThreadProcessId(user32.FindWindowA(null, window), pid);

    return pid.getValue();
}



2. Find Process Pointer (by Process ID)

Code:
process = Kernel32.INSTANCE.OpenProcess(PROCESS_ALL_ACCESS, false, PID);



3. Find Base Address (using native function EnumProcessModulesEx with flag 0x01)


Other solutions on Stack Overflow are based on returning m.getLpBaseOfDll, but the correct result is m.getEntryPoint

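Code:

public int getBaseAddress(String processName) throws Exception {
    List<Module> hModules = PsapiTools.getInstance().EnumProcessModules(process);

    for (Module m : hModules) {
        if (m.getBaseName().equals(processName)) {
            // Truncate the native pointer to 32 bits instead of parsing it from a string,
            // which throws NumberFormatException for addresses above 0x7FFFFFFF.
            return (int) Pointer.nativeValue(m.getEntryPoint());
        }
    }

    return 0; // module not found
}


public List<Module> EnumProcessModules(Pointer hProcess) throws Exception {
    List<Module> list = new LinkedList<>();

    Pointer[] lphModule = new Pointer[256];
    IntByReference lpcbNeededs = new IntByReference();
    // The third argument (cb) is the size of the handle array in bytes, not its element count.
    int cb = lphModule.length * Native.POINTER_SIZE;
    // 0x01 = LIST_MODULES_32BIT
    boolean success = Psapi.INSTANCE.EnumProcessModulesEx(hProcess, lphModule, cb, lpcbNeededs, 0x01);
    if (!success) {
        int err = Native.getLastError();
        throw new Exception("EnumProcessModules failed. Error: " + err);
    }
    // lpcbNeeded is also in bytes and can exceed the buffer, so never index past the array.
    int count = Math.min(lpcbNeededs.getValue() / Native.POINTER_SIZE, lphModule.length);
    for (int i = 0; i < count; i++) {
        list.add(new Module(hProcess, lphModule[i]));
    }

    return list;
}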





4. Find dyn address

Code:

public long findDynAddress(int[] offsets, long baseAddress)
{
    int size = 4; // 32-bit target: every pointer in the chain is 4 bytes
    Memory pTemp = new Memory(size);
    long pointerAddress = 0;

    // Read the pointer stored at the static base address.
    kernel32.ReadProcessMemory(process, baseAddress, pTemp, size, null);

    for (int i = 0; i < offsets.length; i++)
    {
        // Treat the 32-bit value as unsigned so addresses above 0x7FFFFFFF stay positive.
        pointerAddress = (pTemp.getInt(0) & 0xFFFFFFFFL) + offsets[i];

        // Dereference every level except the last; the last sum is the dynamic address.
        if (i != offsets.length - 1)
            kernel32.ReadProcessMemory(process, pointerAddress, pTemp, size, null);
    }

    return pointerAddress;
}




And call

Code:


int pid = jna.getProcessId(processName);
Pointer process = Kernel32.INSTANCE.OpenProcess(PROCESS_ALL_ACCESS, false, pid);
int currentProcessAddress = jna.getBaseAddress(processName);
long currentDynamicAddress = jna.findDynAddress(offsets, baseAddress+currentProcessAddress);
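
The "=" (add) and "->" (add, then read) steps discussed in this thread, walked over a simulated 32-bit memory snapshot. This is an added example, not code from any of the posts: the `029BC020 -> 1D735C18` cell and the final `1D735F54 + A74 = 1D7369C8` sum come from the thread, while the static base address `00501000` and the middle offset `10` are constructed, and `read_u32` is a hypothetical stand-in for ReadProcessMemory.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One readable 4-byte cell of a simulated 32-bit target process. */
struct cell { uint32_t addr; uint32_t value; };

/* Constructed snapshot: only the 029BC020 -> 1D735C18 cell comes from the thread. */
static const struct cell SAMPLE_MEM[] = {
    { 0x00501000u, 0x029BBFB8u },  /* constructed static base address */
    { 0x029BC020u, 0x1D735C18u },  /* [029BBFB8+68] -> 1D735C18 */
    { 0x1D735C28u, 0x1D735F54u },  /* constructed middle hop, offset 0x10 */
};
#define SAMPLE_MEM_LEN (sizeof SAMPLE_MEM / sizeof SAMPLE_MEM[0])

/* Stand-in for ReadProcessMemory: 0 and *out filled if addr is mapped, else -1. */
static int read_u32(const struct cell *mem, size_t n, uint32_t addr, uint32_t *out)
{
    for (size_t i = 0; i < n; i++)
        if (mem[i].addr == addr) { *out = mem[i].value; return 0; }
    return -1;
}

/* Walk base -> offsets. Every level is "add, then read" except the last,
 * which is only "add". Returns 0 on success, -1 if any read fails. */
int resolve_chain(const struct cell *mem, size_t n, uint32_t base,
                  const uint32_t *offsets, size_t count, uint32_t *final_addr)
{
    uint32_t ptr;
    if (count == 0 || read_u32(mem, n, base, &ptr) != 0)
        return -1;
    for (size_t i = 0; i + 1 < count; i++)
        if (read_u32(mem, n, ptr + offsets[i], &ptr) != 0)   /* the "->" step */
            return -1;                /* stale or unmapped pointer: stop here */
    *final_addr = ptr + offsets[count - 1];                  /* the "=" step */
    return 0;
}

int main(void)
{
    const uint32_t offsets[] = { 0x68, 0x10, 0xA74 };
    uint32_t addr = 0;
    if (resolve_chain(SAMPLE_MEM, SAMPLE_MEM_LEN, 0x00501000u, offsets, 3, &addr) != 0)
        return 1;
    printf("%08X\n", (unsigned)addr);
    return 0;
}
```

The failure return matters in practice: a chain found by a pointer scan can go stale after a restart or update, and a resolver that ignores a failed read carries on with a leftover value.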

