schaka How do I cheat?
Reputation: 0
Joined: 11 Feb 2015 Posts: 4
Posted: Wed Feb 11, 2015 6:23 am Post subject: JAVA/JNA: EnumProcessModules() not returning all DLLs?
I'm trying to read coordinates from a game. This works perfectly fine when using ReadProcessMemory on a HANDLE that I receive through OpenProcess, with the address I find in CheatEngine. For example, if I know the float value in the running process is at 0x5AB38F68, I can read this.
However, the address changes every time the game restarts. It depends on a module called AkSoundEngine.dll. So basically the address would be at AkSoundEngine.dll+0x168F68. However, I cannot for the life of me find the base address of said DLL. It shows in CE:
i DOT stack DOT imgur DOT com/k2O2X.jpg
However, when using EnumProcessModules() on the same HANDLE as before, these are the results:
Code:
```text
[2015-02-08 09:26:09][INFO][Game:59] - C:\Windows\SYSTEM32\ntdll.dll
[2015-02-08 09:26:09][INFO][Game:59] - C:\Windows\SYSTEM32\wow64.dll
[2015-02-08 09:26:09][INFO][Game:59] - C:\Windows\SYSTEM32\wow64win.dll
[2015-02-08 09:26:09][INFO][Game:59] - C:\Windows\SYSTEM32\wow64cpu.dll
[2015-02-08 09:26:09][INFO][Game:59] - F:\Steam\steamapps\common\TheLongDark\tld.exe
[2015-02-08 09:26:09][INFO][Game:59] - F:\Steam\steamapps\common\TheLongDark\tld.exe
[2015-02-08 09:26:09][INFO][Game:59] - F:\Steam\steamapps\common\TheLongDark\tld.exe
[2015-02-08 09:26:09][INFO][Game:59] - F:\Steam\steamapps\common\TheLongDark\tld.exe
[2015-02-08 09:26:09][INFO][Game:59] - F:\Steam\steamapps\common\TheLongDark\tld.exe
```
The DLL is not showing. Therefore my assumption is that it might be within one of the tld.exe modules. If that is the case, how would I go about iterating the modules of a module and then receiving its base address? Am I right to assume that I would have to add tld.exe's base address as well, as in: tld.exe+AkSoundEngine.dll+0x168F68?
You might also notice that it shows tld.exe 5 times as a module, but only 2 of them return a BaseOfDll, as part of the LPMODULEINFO returned by GetModuleInformation().
Could it be that I've just run into what is doable in JNA (I doubt that, since I'm just calling C code)?
I'm not sure how to ask more specifically, but you can see the whole code at my GitHub (github/Schaka/gamemap). Most of it is happening in Game.java's updatePosition() method.
atom0s Moderator
Reputation: 205
Joined: 25 Jan 2006 Posts: 8587 Location: 127.0.0.1
Posted: Wed Feb 11, 2015 5:44 pm
It's best to post code when you ask for help with something not working. Otherwise there is really no real way for anyone to help you since we are not sure what you are doing.
_________________
- Retired.
schaka How do I cheat?
Reputation: 0
Joined: 11 Feb 2015 Posts: 4
Posted: Thu Feb 12, 2015 6:22 am
Code:
```java
try {
    HANDLE game = MemoryTool.openProcess(MemoryTool.PROCESS_ALL_ACCESS, pId);
    List<Module> modules = PsapiTools.getInstance().EnumProcessModules(game);
    //Pointer p = MemoryTool.openProcess(MemoryTool.PROCESS_ALL_ACCESS, pId).getPointer();
    for (Module module : modules) {
        //log.info(module.getFileName());
        log.info(module.getBaseName());
        if (module.getFileName().contains("tld.exe")) {
            // Entry point and base address come from the MODULEINFO filled by GetModuleInformation()
            if (module.getEntryPoint() != null) {
                log.info(module.getBaseName() + " 0x" + Long.toHexString(Pointer.nativeValue(module.getEntryPoint().getPointer())));
            }
            if (module.getLpBaseOfDll() != null) {
                log.info(module.getBaseName() + " 0x" + Long.toHexString(Pointer.nativeValue(module.getLpBaseOfDll().getPointer())));
            }
        }
    }
} catch (Exception e) {
    e.printStackTrace();
}
```
The Module class is just a wrapper for modules. I build a List of it based on what EnumProcessModules returns.
Code:
```java
// Needs com.sun.jna.Native for POINTER_SIZE.
public List<Module> EnumProcessModules(HANDLE hProcess) throws Exception {
    List<Module> list = new LinkedList<Module>();
    HMODULE[] lphModule = new HMODULE[1024];
    IntByReference lpcbNeededs = new IntByReference();
    // cb is a byte count, and an HMODULE is Native.POINTER_SIZE bytes (8 on a 64-bit JVM),
    // so pass the buffer size in bytes rather than the element count.
    boolean success = psapi.EnumProcessModules(hProcess, lphModule,
            lphModule.length * Native.POINTER_SIZE, lpcbNeededs);
    if (!success) {
        int err = k32.GetLastError();
        throw new Exception("EnumProcessModules failed. Error: " + err);
    }
    // Dividing by 4 miscounts on a 64-bit JVM; lpcbNeeded can also exceed the buffer, so clamp.
    int count = Math.min(lpcbNeededs.getValue() / Native.POINTER_SIZE, lphModule.length);
    for (int i = 0; i < count; i++) {
        list.add(new Module(hProcess, lphModule[i]));
    }
    return list;
}
```
Edit: I'm guessing, as you pointed out in the other thread, using EnumProcessModulesEx will probably lead to the result I am hoping for. So I will try that later today when I am home. Thank you.
Dark Byte Site Admin
Reputation: 470
Joined: 09 May 2003 Posts: 25796 Location: The netherlands
Posted: Thu Feb 12, 2015 6:52 am
If Java is 64-bit, an HMODULE is 8 bytes, and yes, try EnumProcessModulesEx requesting all modules.
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
atom0s Moderator
Reputation: 205
Joined: 25 Jan 2006 Posts: 8587 Location: 127.0.0.1
Posted: Thu Feb 12, 2015 1:14 pm
Also be careful using 'PROCESS_ALL_ACCESS', as it can fail on some newer systems because the flag changed. It is best to just specify the flags you need and not demand all.
As I mentioned in the other thread too, EnumProcessModulesEx will probably help you in your situation if you are dealing with 32-bit / 64-bit modules and processes.
_________________
- Retired.
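Putting both answers together (EnumProcessModulesEx with LIST_MODULES_ALL so a 64-bit JVM sees the 32-bit modules of a WoW64 target, a pointer-size-aware handle count, and a minimal access mask instead of PROCESS_ALL_ACCESS), here is an added module-inventory example for JNA 5; it is not code from this thread or from the poster's project. The PsapiEx interface is a hypothetical binding, assumed necessary because JNA's bundled Psapi interface does not expose EnumProcessModulesEx; the path and MODULEINFO lookups use the bundled Psapi and Kernel32.

```java
import com.sun.jna.Native;
import com.sun.jna.Pointer;
import com.sun.jna.platform.win32.Kernel32;
import com.sun.jna.platform.win32.Psapi;
import com.sun.jna.platform.win32.WinDef;
import com.sun.jna.platform.win32.WinNT;
import com.sun.jna.platform.win32.WinNT.HANDLE;
import com.sun.jna.ptr.IntByReference;
import com.sun.jna.win32.StdCallLibrary;
import com.sun.jna.win32.W32APIOptions;
import java.util.LinkedHashMap;
import java.util.Map;

public class ModuleInventory {
    // Hypothetical binding (assumption): JNA's bundled Psapi has no EnumProcessModulesEx.
    public interface PsapiEx extends StdCallLibrary {
        PsapiEx INSTANCE = Native.load("psapi", PsapiEx.class, W32APIOptions.DEFAULT_OPTIONS);
        int LIST_MODULES_ALL = 0x03; // both 32-bit and 64-bit modules of the target
        boolean EnumProcessModulesEx(HANDLE hProcess, WinDef.HMODULE[] lphModule, int cb,
                                     IntByReference lpcbNeeded, int dwFilterFlag);
    }

    // Maps every module path of the target process to its base address.
    public static Map<String, Long> listModules(int pid) {
        // Only the rights needed to enumerate and read modules, not PROCESS_ALL_ACCESS.
        HANDLE proc = Kernel32.INSTANCE.OpenProcess(WinNT.PROCESS_QUERY_INFORMATION | WinNT.PROCESS_VM_READ, false, pid);
        if (proc == null) throw new IllegalStateException("OpenProcess failed: " + Kernel32.INSTANCE.GetLastError());
        Map<String, Long> result = new LinkedHashMap<>();
        try {
            WinDef.HMODULE[] mods = new WinDef.HMODULE[1024];
            IntByReference needed = new IntByReference();
            // cb is in bytes; an HMODULE is Native.POINTER_SIZE bytes (8 on a 64-bit JVM).
            if (!PsapiEx.INSTANCE.EnumProcessModulesEx(proc, mods, mods.length * Native.POINTER_SIZE,
                    needed, PsapiEx.LIST_MODULES_ALL)) {
                throw new IllegalStateException("EnumProcessModulesEx failed: " + Kernel32.INSTANCE.GetLastError());
            }
            // Clamp: lpcbNeeded reports the full size even when the buffer was too small.
            int count = Math.min(needed.getValue() / Native.POINTER_SIZE, mods.length);
            for (int i = 0; i < count; i++) {
                char[] path = new char[WinDef.MAX_PATH];
                Psapi.INSTANCE.GetModuleFileNameExW(proc, mods[i], path, path.length);
                Psapi.MODULEINFO info = new Psapi.MODULEINFO();
                Psapi.INSTANCE.GetModuleInformation(proc, mods[i], info, info.size());
                result.put(Native.toString(path), Pointer.nativeValue(info.lpBaseOfDll));
            }
        } finally {
            Kernel32.INSTANCE.CloseHandle(proc);
        }
        return result;
    }
}
```

Run against a WoW64 process from a 64-bit JVM, the map includes the target's 32-bit DLLs alongside the wow64*.dll and ntdll.dll entries that plain EnumProcessModules returns.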
schaka How do I cheat?
Reputation: 0
Joined: 11 Feb 2015 Posts: 4
Posted: Thu Feb 12, 2015 2:55 pm
That did the trick. Thank you guys so much. I've been stuck at it for almost a week and it was sooo frustrating.