| View previous topic :: View next topic |
| Author |
Message |
nerozero
How do I cheat?
![]() Reputation: 0
Joined: 05 Sep 2012
Posts: 9
|
 Posted: Sat Sep 08, 2012 7:10 am Post subject: Translating addresses from c# to cheat engine |
 |
|
Hi all,
I think I am having some trouble understanding the base address conversion.
I am trying to hack the health in Dark souls and have found the pointer to this address.
My C# program tells me the base address is 4194304 but the base address within cheat engine is 4000000 so how do these 2 relate?
E.g. my first offset is "DATA.exe"+00FE428C but when I add the offset from base 4194304 it isn't looking in the same place as it is in cheat engine????
Thanks guys
|
|
| Back to top |
|
 |
Dark Byte
Site Admin
 Reputation: 471
Joined: 09 May 2003
Posts: 25859
Location: The netherlands
|
| Posted: Sat Sep 08, 2012 7:41 am Post subject: |
|
|
4194304 = 0x4000000
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
nerozero
How do I cheat?
![]() Reputation: 0
Joined: 05 Sep 2012
Posts: 9
|
| Posted: Sat Sep 08, 2012 8:00 am Post subject: |
|
|
Ok I think I am getting it now when I add the offset in c# I get int 20857484 which in hex is the first address as it shows in cheat engine so that is fine.
How do I get the value in that address I am doing:
| Code: |
int value;
unsafe
{
int* p = (int*)this.baseAddr.ToPointer();
value = (int)*p;
}
this.lblBaseAddr.Text = value.ToString();
|
But this doesn't change the label so not sure what is going on here?
|
|
| Back to top |
|
|
atom0s
Moderator
 Reputation: 205
Joined: 25 Jan 2006
Posts: 8587
Location: 127.0.0.1
|
| Posted: Sat Sep 08, 2012 12:41 pm Post subject: |
|
|
You can't directly access memory like that from an external application. Along with that, the base address of an application does not contain a pointer traditionally. (Unless the game alters the DOS header after its loaded.)
You need to use ReadProcessMemory from an external app to read another apps memory.
_________________
- Retired. |
|
| Back to top |
|
|
Unbr0ken
Advanced Cheater
![]() Reputation: 2
Joined: 10 Aug 2011
Posts: 67
|
| Posted: Sat Sep 08, 2012 3:48 pm Post subject: |
|
|
| Wiccaan wrote: | You can't directly access memory like that from an external application. Along with that, the base address of an application does not contain a pointer traditionally. (Unless the game alters the DOS header after its loaded.)
You need to use ReadProcessMemory from an external app to read another apps memory. |
But, I think that he's injected into some process.
|
|
| Back to top |
|
|
atom0s
Moderator
Reputation: 205
Joined: 25 Jan 2006
Posts: 8587
Location: 127.0.0.1
|
| Posted: Sat Sep 08, 2012 5:01 pm Post subject: |
|
|
| Unbr0ken wrote: | | Wiccaan wrote: | You can't directly access memory like that from an external application. Along with that, the base address of an application does not contain a pointer traditionally. (Unless the game alters the DOS header after its loaded.)
You need to use ReadProcessMemory from an external app to read another apps memory. |
But, I think that he's injected into some process. |
Given that he is having issues with basic pointers, I doubt he managed to figure out how to inject .NET assemblies into native processes. (No offense to the OP or anything, just an observation.)
_________________
- Retired. |
|
| Back to top |
|
|
Unbr0ken
Advanced Cheater
![]() Reputation: 2
Joined: 10 Aug 2011
Posts: 67
|
| Posted: Sat Sep 08, 2012 5:13 pm Post subject: |
|
|
| Wiccaan wrote: | | Unbr0ken wrote: | | Wiccaan wrote: | You can't directly access memory like that from an external application. Along with that, the base address of an application does not contain a pointer traditionally. (Unless the game alters the DOS header after its loaded.)
You need to use ReadProcessMemory from an external app to read another apps memory. |
But, I think that he's injected into some process. |
Given that he is having issues with basic pointers, I doubt he managed to figure out how to inject .NET assemblies into native processes. (No offense to the OP or anything, just an observation.) |
Huh, yep. But, if he wants, here is some info.
|
|
| Back to top |
|
|
Pingo
Grandmaster Cheater
![]() Reputation: 8
Joined: 12 Jul 2007
Posts: 571
|
| Posted: Sun Sep 09, 2012 6:21 am Post subject: |
|
|
| Wiccaan wrote: |
Given that he is having issues with basic pointers, I doubt he managed to figure out how to inject .NET assemblies into native processes. (No offense to the OP or anything, just an observation.) |
He might be using a managed/unmanaged dll injector.
I use one myself so i dont need a C++ bootstrap like that tut over at codingthewheel.
@nerozero
Like Wiccaan already said, use readprocessmemory.
Get the base address of DATA.exe and add the offset.
Is the base always 0x4000000?
If so just hardcode the address
"DATA.exe"+00FE428C = 0x13E428C
_________________
|
|
| Back to top |
|
|
Unbr0ken
Advanced Cheater
![]() Reputation: 2
Joined: 10 Aug 2011
Posts: 67
|
| Posted: Sun Sep 09, 2012 4:36 pm Post subject: |
|
|
| Pingo wrote: | | Is the base always 0x4000000? |
That must be imposible (at least for him).
|
|
| Back to top |
|
|
Pingo
Grandmaster Cheater
![]() Reputation: 8
Joined: 12 Jul 2007
Posts: 571
|
| Posted: Mon Sep 10, 2012 1:12 am Post subject: |
|
|
| Unbr0ken wrote: | | Pingo wrote: | | Is the base always 0x4000000? |
That must be imposible (at least for him). |
Yea i think the base changes, i had to ask though.
_________________
|
|
| Back to top |
|
|
Deine Mutter
Expert Cheater
 Reputation: 1
Joined: 05 Apr 2006
Posts: 181
|
| Posted: Mon Sep 10, 2012 1:45 pm Post subject: |
|
|
Quick note:
4194304 = 0x00400000 ≠ 0x04000000
Personally, I have never seen a diferent Image Base than 0x00400000 (don't know about 64 bit applications), but theoretically it could be different of course.
Btw, the ImageBase is fixed for one file since it is hardcoded in the PE Header (OptionalHeader).
_________________
|
|
| Back to top |
|
|
Unbr0ken
Advanced Cheater
![]() Reputation: 2
Joined: 10 Aug 2011
Posts: 67
|
| Posted: Sun Sep 16, 2012 11:36 am Post subject: |
|
|
| Deine Mutter wrote: | Quick note:
4194304 = 0x00400000 ≠ 0x04000000
Personally, I have never seen a diferent Image Base than 0x00400000 (don't know about 64 bit applications), but theoretically it could be different of course. |
Generally, games like Half Life (and its mods), have a PBA different than 0x00400000. They're like 0x00100000, aprox.
|
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
