 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
iPromise
Grandmaster Cheater
![]() Reputation: -1
Joined: 27 Jun 2009
Posts: 529
Location: Canada
|
 Posted: Sat Jun 12, 2010 2:57 pm Post subject: Pointer - Scanner |
 |
|
Made a simple pointer scanner in a console application, it won't seem to work, can you guys help me?
| Code: |
#include <Windows.h>
#include <iostream>
void main()
{
system("COLOR 3");
using namespace std;
// Set up our variables
DWORD var = 10;
DWORD& dereference = var;
cout << "Var: " << &var << endl;
cout << "Dereference: " << &dereference << endl;
DWORD* Search = &var;
cout << "Searching For: " << (LPVOID) Search << endl;
// Start the scan
SYSTEM_INFO SI; GetSystemInfo(&SI);
DWORD Start = (DWORD) SI.lpMinimumApplicationAddress;
DWORD Stop = (DWORD) SI.lpMaximumApplicationAddress;
MEMORY_BASIC_INFORMATION MBI;
for (DWORD i = Start; i <= Stop; i ++)
{
VirtualQuery((LPCVOID) i, &MBI, sizeof(MEMORY_BASIC_INFORMATION));
if ((MBI.State == MEM_COMMIT) && (MBI.Type == MEM_PRIVATE))
{
DWORD EndAddr = (DWORD) MBI.BaseAddress + (DWORD) MBI.RegionSize;
for (DWORD Addr = (DWORD) MBI.BaseAddress; Addr < (EndAddr - 1 - sizeof(DWORD)); Addr++)
{
DWORD* Compare = &Addr;
if (*Search == *Compare)
{
cout << "Found: " << (LPVOID) Addr << " - Value: " << *(DWORD*) Addr << " - Dereferenced: " << &Addr << endl;
}
}
i = (DWORD) MBI.BaseAddress + (DWORD) MBI.RegionSize;
}
else
{
i = (DWORD) MBI.BaseAddress + (DWORD) MBI.RegionSize;
}
}
system("PAUSE");
}
|
|
|
| Back to top |
|
 |
hcavolsdsadgadsg
I'm a spammer
![]() Reputation: 26
Joined: 11 Jun 2007
Posts: 5801
|
| Posted: Sat Jun 12, 2010 7:04 pm Post subject: |
|
|
| what is with you and void main()
|
|
| Back to top |
|
|
atom0s
Moderator
 Reputation: 205
Joined: 25 Jan 2006
Posts: 8587
Location: 127.0.0.1
|
| Posted: Sat Jun 12, 2010 7:10 pm Post subject: |
|
|
Ditch the system calls. The color one is pointless, and the pause is a waste of resources. Either don't pause or just use iostream to do it for you.
And you do realize this will only scan the memory of itself right?
_________________
- Retired. |
|
| Back to top |
|
|
Dark Byte
Site Admin
 Reputation: 470
Joined: 09 May 2003
Posts: 25807
Location: The netherlands
|
| Posted: Sat Jun 12, 2010 7:14 pm Post subject: |
|
|
There' not that much wrong with void main() if you don't intend on reading parameter and don't care that other apps can't get a valid exitcode
anyhow, first glimpse(late and sleepy): try "DWORD* Compare = (DWORD *)Addr;"
else you're just getting a pointer to the stack address that holds the temp variable Addr created for the loop
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
iPromise
Grandmaster Cheater
![]() Reputation: -1
Joined: 27 Jun 2009
Posts: 529
Location: Canada
|
| Posted: Sat Jun 12, 2010 8:32 pm Post subject: |
|
|
@slovach Useless.
@Wiccaan I know what the hell i'm doing, useless.
@Dark Byte Actually very helpful, no 'smart ass' comments, or uselss comments, everything helps.
After research I came up with:
| Code: |
// Remove and obtain variables
Trampoline::SendMessageX(GetDlgItem(hWndDlg, IDCLIST1), LB_RESETCONTENT, 0, 0);
DWORD Address = (DWORD) Function::strConvertDWord(PointerScan(hWndDlg));
DWORD Search = Address;
DWORD Max = Search + 0x100;
DWORD Min = Search - 0x100;
// Start the scan
SYSTEM_INFO SI; GetSystemInfo(&SI);
DWORD Start = (DWORD) SI.lpMinimumApplicationAddress;
DWORD Stop = (DWORD) SI.lpMaximumApplicationAddress;
MEMORY_BASIC_INFORMATION MBI;
for (DWORD i = Start; i <= Stop; i ++)
{
VirtualQuery((LPCVOID) i, &MBI, sizeof(MEMORY_BASIC_INFORMATION));
if ((MBI.State == MEM_COMMIT) && (MBI.Type == MEM_PRIVATE))
{
DWORD EndAddr = (DWORD) MBI.BaseAddress + (DWORD) MBI.RegionSize;
for (DWORD Addr = (DWORD) MBI.BaseAddress; Addr < (EndAddr - 1 - sizeof(DWORD)); Addr++)
{
//__try {
if ( ( ( (*(DWORD*) Search) < (*(DWORD*) Max) ) ) &&
( ( (*(DWORD*) Search) > (*(DWORD*) Min) ) ) )
{
Function::Add2(hWndDlg, Addr);
}
//}
//__except (true)
//{
// Addr = EndAddr;
//}
}
i = (DWORD) MBI.BaseAddress + (DWORD) MBI.RegionSize;
}
else
{
i = (DWORD) MBI.BaseAddress + (DWORD) MBI.RegionSize;
}
}
|
But it crashes me, and my try function says i'm unwinding an object, I dont see anything thats unwinding an object inside try(), so i'm not sure whats going on, I think its with the comparing in the if() statement.
|
|
| Back to top |
|
|
Flyte
Peanuts!!!!
 Reputation: 6
Joined: 19 Apr 2006
Posts: 1887
Location: Canada
|
| Posted: Sat Jun 12, 2010 9:35 pm Post subject: |
|
|
| iPromise wrote: | @slovach Useless.
@Wiccaan I know what the hell i'm doing, useless.
|
You're a real piece of work, you little shit. You come in here and ask for handouts constantly, and it's clear you don't know what the hell you're doing. You continually make the exact same mistakes no matter how many times we tell you otherwise. Seeing this exact thread from you every few days (as it's quite clear that it's the exact same fucking issue) is getting quite old.
Either go learn the language and learn some respect, or go play in traffic.
|
|
| Back to top |
|
|
Slugsnack
Grandmaster Cheater Supreme
![]() Reputation: 71
Joined: 24 Jan 2007
Posts: 1857
|
| Posted: Sat Jun 12, 2010 9:41 pm Post subject: |
|
|
| ipromise go look up tutorials on how to use visual studio's debugger. it's actually quite good. not just at debugging, but also at stopping you constantly coming in here asking stupid questions that you could fix in minutes by yourself and actually learn why it went wrong instead of being spoonfed the answer.
|
|
| Back to top |
|
|
hcavolsdsadgadsg
I'm a spammer
![]() Reputation: 26
Joined: 11 Jun 2007
Posts: 5801
|
| Posted: Sat Jun 12, 2010 10:59 pm Post subject: |
|
|
| iPromise wrote: | @slovach Useless.
@Wiccaan I know what the hell i'm doing, useless.
@Dark Byte Actually very helpful, no 'smart ass' comments, or uselss comments, everything helps.
|
Then why do you even post? You ask for help constantly but never seem to listen to anyone in the end, and never seem to actually debug anything yourself.
Well, whatev.
|
|
| Back to top |
|
|
iPromise
Grandmaster Cheater
![]() Reputation: -1
Joined: 27 Jun 2009
Posts: 529
Location: Canada
|
| Posted: Sat Jun 12, 2010 11:03 pm Post subject: |
|
|
@Flyte Whether you like it or not, whether i'm going to be hated for it or not, I respect you a ton so I won't respond to your comments, your sorta right, maybe I should put more time into investigating my problem and debugging it rather then posting questions without checking the code and doing something.
@Slugsnack Hahaha, other then my memory scanner all you've ever done Slugsnack was post useless things that had never helped me, so before you say "... and get spoonfeeded" go fuck yourself.
I know what i'm doing, I changed that code tenfold, right now I am subtracting the address by the offset and making a scan for values in the range from the address subtracted by the offset range to the address i'm scanning for, and displaying my results, etc. I read Dark Bytes tutorial on pointers, so that helped me a lot.
|
|
| Back to top |
|
|
Slugsnack
Grandmaster Cheater Supreme
![]() Reputation: 71
Joined: 24 Jan 2007
Posts: 1857
|
| Posted: Sun Jun 13, 2010 6:37 am Post subject: |
|
|
since i'm no help to you can you stop PMing me to beg for stuff acting all buddy buddy ?
| iPromise wrote: | Hey, long time since we last talked, how you been?
I'm coding an aimbot for GunBound and so far so good, I got all my addresses down. Except for one which is the Player Angle address, I hear its encrypted, i'm not sure, maybe some help from you or telling me some useful hints to work off from. Currently from my investigations in GunBound, Wind Speed and Wind Angle have 2 addresses. 1 is a static address that is only used when your the master of the room, 2 is dynamic that works for every mode of game (whether you master or not). The static address is located from 600000 to 3000000, and also the Wind Speed offset to Wind Angle is 1, so there is no need to get the Wind Angle because the Wind Speed is one address before it. The dynamic addresses are located from 4000000 to 5000000.
Current Addresses
| Code: |
GunBound + 0x561628 - Wind Speed (Byte)
GunBound + 0x561629 - Wind Angle (2 Bytes)
|
I am also reading the mobile value automatically so the user doesn't have to choose his mobile, its already chosen. The address for that is:
| Code: |
GunBound + 0x55ECA0 (4 Bytes)
|
As for flickerness, i'm using the double buffering technique, however it isn't THAT efficient in getting rid of your flickerness. However, I got it thanks to you and the communities help, thanks 
For drawing the shots trajectory path I use SetPixel(), not the best idea but I don't have any experience with Direct3D to get around that.
Here are some other addresses that are useful:
| Code: |
GunBound + 0055E8A0 - Map
GunBound + 0055E808 - Room Number
GunBound + 0055E8AC - Flying (Changing game mode from 1v1 to 2v2, etc)
GunBound + 0055DCD6 - Team
GunBound + 0055E8AF - Sudden Death
|
A little help for you on guiding me on how to obtain the Player Angle is memory is excellent! Or giving me useful hints that I can work off is also great. Thanks for your patience,
- iPromise. |
| iPromise wrote: | Hey man, come back to the GzForums, its pretty live.
Oh and btw, thanks to your help I got the addresses!
Mobile - GunBound.gme + 0055DCA0 (32 Bits)
Map - GunBound.gme + 0055D8A0 (32 Bits)
Room Number - GunBound.gme + 0055D808 (32 Bits)
Wind Speed - GunBound.gme + 00560628 (8 Bits)
Wind Angle - GunBound.gme + 00560629 (16 Bits)
Flying - GunBound.gme + 0055D8AC (8 Bits)
Team Hack - GunBound.gme + 0055DCD6 (8 Bits)
Sudden Death - GunBound.gme + 0055D8AF (8 Bits)
Unblock me on MSN if you want to, I also want to tell you something
Thanks |
| iPromise wrote: | Hey bro,
I'll pay you 1.00$ USD if you just type me the correct methods to find the Wind Angle and Player Angle, thanks man.
After my week of investigation I could only find Wind Speed:
| Code: |
- Scan for the wind speed (byte)
- Rescan until you have 2 - 4 addresses
|
|
| iPromise wrote: | http://cheatengine.org/forum/viewtopic.php?t=495593&sid=e5dabf335b628e21478e490ff892efda
your the only one with experience. |
| iPromise wrote: | | I gave you enough code to which you can help, if you help me get this fixed. I'll give you the whole source so you can release in publicly in anyway possible, such as you "decompiled" it, etc. Up to you, I dont really care, i'm sure if I put enough effort, I can get this fixed. |
| iPromise wrote: | How would you go by finding the Wind Speed address of Gunbound?
Do you make a room, scan 1 Byte, start the game and keep searching for the wind speed (byte) each time on your turn.
If thats right, I keep doing it but I don't get working addresses? |
why suck my cock and beg for stuff on msn + by PM and then act all badass on the forums. and oh god looking at this stuff makes me cringe thinking of how much of a dog you acted like on msn too.
|
|
| Back to top |
|
|
iPromise
Grandmaster Cheater
![]() Reputation: -1
Joined: 27 Jun 2009
Posts: 529
Location: Canada
|
| Posted: Sun Jun 13, 2010 1:01 pm Post subject: |
|
|
@Slugsnack
Your not getting my point smart ass, my point is for all those times I needed help and requested it from you did you either:
(a) not respond
(b) respond, BUT nothing useful
I dont really care if you did or not, but since you haven't you can't say:
| Quote: |
instead of being spoonfed the answer.
|
So okay, I won't talk to you now I know your no help, and if i'm a "suckup" stop responding to my questions on the forums, or overall stop?
For everyone else
I fixed everything up, just a little errors here and there and i'll have it working, i'll post my source once its fine
|
|
| Back to top |
|
|
Slugsnack
Grandmaster Cheater Supreme
![]() Reputation: 71
Joined: 24 Jan 2007
Posts: 1857
|
| Posted: Sun Jun 13, 2010 1:08 pm Post subject: |
|
|
| i think you're forgetting all the posts i've made in your threads in this section as well as the hours i've spent on teamviewer on your machine fixing your code and setting your homepage to wowomg.com
|
|
| Back to top |
|
|
iPromise
Grandmaster Cheater
![]() Reputation: -1
Joined: 27 Jun 2009
Posts: 529
Location: Canada
|
| Posted: Sun Jun 13, 2010 7:58 pm Post subject: |
|
|
Hmm guys, this doesn't seem to display me correct results, I compare my results with Cheat Engine and I don't get not even one address in the same results. Please help, i've tried debugging and changing things around, but I can't seem to find what displays these wrong addresses.
| Code: |
// File
ofstream PointerFile("C:\\PointerFile.txt");
PointerFile.clear();
// Set Variables
string AddressStr = PointerScan(hWndDlg);
DWORD Range = 0x2048;
DWORD Address = Function::strConvertDWord(AddressStr);
// Scan
MEMORY_BASIC_INFORMATION MemInfo = {0};
while (VirtualQuery((LPCVOID) ((DWORD) MemInfo.BaseAddress + (DWORD) MemInfo.RegionSize), &MemInfo, sizeof(MEMORY_BASIC_INFORMATION)))
{
if ( (MemInfo.State == MEM_COMMIT) && (MemInfo.Protect == PAGE_READWRITE) )
{
DWORD EndAddr = (DWORD) MemInfo.BaseAddress + (DWORD) MemInfo.RegionSize;
for (DWORD Addr = (DWORD) MemInfo.BaseAddress; Addr <= (EndAddr - 1 - sizeof(DWORD)); Addr++)
{
DWORD AddressBegin;
DWORD AddressEnd;
ObtainValues(Address, Range, &AddressBegin, &AddressEnd);
if (!AddressBegin)
{
Addr = EndAddr;
}
if (!AddressEnd)
{
Addr = EndAddr;
}
if ( ( Function::IsStatic(Addr) ) == true )
{
for (DWORD i = AddressBegin; i <= AddressEnd; i++)
{
if ( (*(DWORD*) Addr) == i )
{
PointerFile << Function::dwGetAddrInfo(Addr) << endl;
}
}
}
else
{
++Addr;
}
}
}
}
// Close File
PointerFile.close();
|
ObtainValues()
| Code: |
void ObtainValues(DWORD Address, DWORD Range, LPDWORD AddressBegin, LPDWORD AddressEnd)
{
__try {
*AddressBegin = *(DWORD*) (Address - Range);
*AddressEnd = *(DWORD*) (Address);
}
__except (true) {
*AddressBegin = 0;
*AddressEnd = 0;
}
}
|
|
|
| Back to top |
|
|
Slugsnack
Grandmaster Cheater Supreme
![]() Reputation: 71
Joined: 24 Jan 2007
Posts: 1857
|
| Posted: Mon Jun 14, 2010 8:10 pm Post subject: |
|
|
| use f5 to debug, f10/f11 to step over and step into functions. then find out exactly what line it crashes on.
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
