 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
thedebutent
Newbie cheater
![]() Reputation: 0
Joined: 30 Dec 2015
Posts: 11
|
 Posted: Wed Dec 30, 2015 12:29 am Post subject: how to search for text |
 |
|
hello,
I want to know how to search a text with the value in vb.net?
thanks for your help
Here image below:
| Description: |
| the red arrow that the little value |
|
| Filesize: |
176.04 KB |
| Viewed: |
14710 Time(s) |
|
|
|
| Back to top |
|
 |
Zanzer
I post too much
![]() Reputation: 126
Joined: 09 Jun 2013
Posts: 3278
|
| Posted: Wed Dec 30, 2015 12:37 am Post subject: |
|
|
As you can see in your own screenshot, text is nothing more than an array of bytes.
76 00 61 00 75 00 6C 00 etc...
The text in your example is in a unicode format, hence the extra 00 bytes.
Simply convert your string into an array of bytes and use the various search methods provided all over this site and others.
|
|
| Back to top |
|
|
thedebutent
Newbie cheater
![]() Reputation: 0
Joined: 30 Dec 2015
Posts: 11
|
| Posted: Wed Dec 30, 2015 2:54 am Post subject: |
|
|
here is my code:
[Public Class Form1
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Integer, ByVal bInheritHandle As Integer, ByVal dwProcessId As Integer) As Integer
Private Declare Function ReadProcessMemory4 Lib "kernel32" Alias "ReadProcessMemory" (ByVal hProcess As Integer, ByVal lpBaseAddress As Integer, ByRef lpBuffer As Byte, ByVal nSize As Integer, ByRef lpNumberOfBytesWritten As Integer) As Byte
Public Function FindPattern(ByVal Process As String, ByVal Pattern As Byte(), ByVal Mask As String) As Long
For dwCurrentAddress As Long = &H10000 To &H7FFFFFF Step &H1
If Compare(Process, dwCurrentAddress, Pattern, Mask) Then
Return dwCurrentAddress
End If
Next
Return -1
End Function
Public Function Compare(ByVal Process As String, ByVal Address As Long, ByVal Pattern As Byte(), ByVal Mask As String) As Boolean
Dim pTemp As Byte = Nothing
For i As Integer = 0 To Mask.Length - 1 Step 1
pTemp = ReadByte(Process, (Address + i), 4)
If pTemp = Nothing Then
Return False
End If
If Mask(i) = "x" And pTemp <> Pattern(i) Then
Return False
End If
Next
Return True
End Function
Public Function ReadByte(ByVal ProcessName As String, ByVal Address As Integer, Optional ByVal nsize As Integer = 4) As Byte
If ProcessName.EndsWith(".exe") Then
ProcessName = ProcessName.Replace(".exe", "")
End If
Dim MyP As Process() = Process.GetProcessesByName(ProcessName)
If MyP.Length = 0 Then
MessageBox.Show(ProcessName & " isn't open!")
Exit Function
End If
Dim hProcess As IntPtr = OpenProcess(&H10, 0, MyP(0).Id)
If hProcess = IntPtr.Zero Then
MessageBox.Show("Failed to open " & ProcessName & "!")
Exit Function
End If
Dim hAddress As Integer
Dim vBuffer As Byte = Nothing
hAddress = Address
ReadProcessMemory4(hProcess, hAddress, vBuffer, nsize, 0)
Return vBuffer
End Function
Private Sub Button1_Click(sender As System.Object, e As System.EventArgs) Handles Button1.Click
Dim Pattern As Byte() = Array.ConvertAll("76 00 61 00 75 00 6C 00 74 00 4C 00 65 00 76 00 65 00 6C 00 39 00 31".ToCharArray(), Function(c) CType(Asc(c), Byte))
Dim MonAddress As Long = FindPattern("Template.exe", Pattern, "xxxxxxxxxxxxxxxxxxxxxxx")
TextBox1.Text = MonAddress => no found
End Sub]
Did you find another solution faster for bytes "76 00 61 00 75 00 6C 00 74 00 4C 00 65 00 76 00 65 00 6C 00 39 00 31"?
Thank you beforehand[/code]
|
|
| Back to top |
|
|
thedebutent
Newbie cheater
![]() Reputation: 0
Joined: 30 Dec 2015
Posts: 11
|
| Posted: Fri Jan 01, 2016 2:51 am Post subject: |
|
|
here is my code that works address :
| Code: | Public Class Form1
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Int32, ByVal bInheritHandle As Int32, ByVal dwProcessId As Int32) As Int32
Private Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Int32, ByVal lpBaseAddress As Int32, ByRef lpBuffer As Int32, ByVal nSize As Int32, ByRef lpNumberOfBytesWritten As Int32) As Int32
Private Declare Function ReadProcessMemory Lib "kernel32" Alias "ReadProcessMemory" (ByVal hProcess As Int32, ByVal lpBaseAddress As Int32, ByRef lpBuffer As Int32, ByVal nSize As Int32, ByRef lpNumberOfBytesWritten As Int32) As Int32
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Int32) As Int32
Public Const PROCESS_VM_READ = &H10
Public Const PROCESS_VM_WRITE = (&H20)
Public Const PROCESS_VM_OPERATION = (&H8)
Public Const PROCESS_QUERY_INFORMATION = (&H400)
Public Const PROCESS_READ_WRITE_QUERY = PROCESS_VM_READ + PROCESS_VM_WRITE + PROCESS_VM_OPERATION + PROCESS_QUERY_INFORMATION
Public Const PROCESS_ALL_ACCESS = &H1F0FFF
Public Function Tibia_Hwnd() As Long
Dim TibiaWindows As Process() = Process.GetProcessesByName("Template")
If TibiaWindows.Length = 0 Then
Return 0
Exit Function
End If
Return TibiaWindows(0).Id
End Function
Private Function Memory_ReadLong(ByVal Address As Int32) As Long
Dim vBuffer As Long
Dim processHandle As IntPtr = OpenProcess(PROCESS_VM_READ, 0, Tibia_Hwnd)
ReadProcessMemory(processHandle, Address, vBuffer, 4, 0)
Return vBuffer
CloseHandle(processHandle)
End Function
Private Function Memory_WriteLong(ByVal Address As Int32, ByVal vBuffer As Long) As Long
Dim processHandle As IntPtr = OpenProcess(PROCESS_READ_WRITE_QUERY, 0, Tibia_Hwnd)
WriteProcessMemory(processHandle, Address, vBuffer, 4, 0)
Return vBuffer
CloseHandle(processHandle)
End Function
Public Function Memory_ReadString(ByVal Address As Long, ByVal CharCount As Int32) As String
Dim ret As Byte() = Nothing
Dim vBuffer As Long
Dim processHandle As IntPtr = OpenProcess(PROCESS_VM_READ, 0, Tibia_Hwnd)
Dim tStr(CharCount) As Char
Dim retStr As String = ""
For i As Int32 = 0 To CharCount Step 2
ReadProcessMemory(processHandle, Address + i, vBuffer, 1, 0)
ret = BitConverter.GetBytes(vBuffer)
tStr(i) = System.Text.Encoding.Unicode.GetString(ret) : retStr += tStr(i)
Next i
Return retStr
CloseHandle(processHandle)
End Function
Public Function WriteString(ByVal address As Long, ByVal str As String) As Boolean
Dim processHandle As IntPtr = OpenProcess(PROCESS_READ_WRITE_QUERY, 0, Tibia_Hwnd)
For i As Integer = 0 To Len(str) - 1
WriteProcessMemory(processHandle, address + i, Asc(Mid(str, i + 1, 1)), 1, 0)
Next i
Return 0
End Function
Private Sub Button1_Click(sender As System.Object, e As System.EventArgs) Handles Button1.Click
TextBox1.Text = Memory_ReadString(&H34B94F4, 23).ToString
End Sub
End Class |
the address & H34B94F4 is the position of my word unicode.
how to find the address in relation to my word (eg "vaultLevel91")?
do you have a way to display the address in relation to the word?
thank you beforehand
|
|
| Back to top |
|
|
pkedpker
Master Cheater
![]() Reputation: 1
Joined: 11 Oct 2006
Posts: 412
|
| Posted: Fri Jan 01, 2016 2:56 pm Post subject: |
|
|
| Code: |
Encoding.Unicode.GetString(packet, startIndex, size)
|
in your case
| Code: |
dim vBuffer() as byte
dim YourString as String = Encoding.Unicode.GetString(vBuffer, 0, CharCount)
|
your Memory_ReadString method could be made better and it would be faster too.
If it doesn't work try changing
| Code: | | ReDim vBuffer(CharCount * 2) |
to
| Code: | | ReDim vBuffer((CharCount * 2)+1) |
| Code: |
Public Function Memory_ReadString(ByVal Address As Long, ByVal CharCount As Int32) As String
Dim ret As Byte() = Nothing
Dim vBuffer As Byte()
ReDim vBuffer(CharCount * 2)
Dim processHandle As IntPtr = OpenProcess(PROCESS_VM_READ, 0, Tibia_Hwnd)
ReadProcessMemory(processHandle, Address, vBuffer, CharCount*2, 0)
CloseHandle(processHandle)
Return Encoding.Unicode.GetString(vBuffer, 0, CharCount)
End Function
|
I use *2 because it contains zeros between of every letter for unicode.. make sure first letter isn't a zero or it will give you chinese letters lol.
The ReDim +1 i don't know if it's necessary probably not, Since I don't know how ReadProcessMemory from the top of my head it might be needed but most likely not.
Edit:
I fix your WriteString too.. now its better and much faster (assuming WriteString also must be unicode not ASCII.. if it's ASCII then it's a easy fix just change one line of code
ASCII:
| Code: | | Dim bytes() As Byte = System.Text.Encoding.ASCII.GetBytes(str) |
UNICODE:
| Code: | | Dim bytes() As Byte = Encoding.Unicode.GetBytes(str) |
| Code: |
Public Sub WriteString(ByVal address As Long, ByVal str As String)
Dim processHandle As IntPtr = OpenProcess(PROCESS_READ_WRITE_QUERY, 0, Tibia_Hwnd)
Dim bytes() As Byte = System.Text.Encoding.Unicode.GetBytes(str)
WriteProcessMemory(processHandle, address ,bytes, bytes.Length, 0)
End Sub
|
You'll probably need both ASCII and UNICODE for certain situations.. so I would make a if statement to hop between both of them with a extra parameter to WriteString determining if its UNICODE or ASCII
Here I show you
| Code: |
Public Sub WriteString(ByVal address As Long, ByVal str As String, isASCII as Boolean) As Boolean
Dim processHandle As IntPtr = OpenProcess(PROCESS_READ_WRITE_QUERY, 0, Tibia_Hwnd)
Dim bytes() As Byte
if isASCII then
bytes = System.Text.Encoding.ASCII.GetBytes(str)
else
bytes = System.Text.Encoding.Unicode.GetBytes(str)
end if
WriteProcessMemory(processHandle, address ,bytes, bytes.Length, 0)
End Sub
|
The WriteProcessMemory length is also calculated using the text encoding as it always returns the right sizes.
_________________
|
|
| Back to top |
|
|
thedebutent
Newbie cheater
![]() Reputation: 0
Joined: 30 Dec 2015
Posts: 11
|
| Posted: Sun Jan 03, 2016 2:35 am Post subject: |
|
|
hello,
here is my code change:
| Code: | Public Class Form1
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Integer, ByVal bInheritHandle As Integer, ByVal dwProcessId As Integer) As Integer
Private Declare Function ReadProcessMemory4 Lib "kernel32" Alias "ReadProcessMemory" (ByVal hProcess As Integer, ByVal lpBaseAddress As Integer, ByRef lpBuffer As Byte, ByVal nSize As Integer, ByRef lpNumberOfBytesWritten As Integer) As Byte
Public Function FindPattern(ByVal Process As String, ByVal HEXA As String) As Long
For dwCurrentAddress As Long = &H1000000 To &H7FFFFFFF Step 1
If Compare(Process, dwCurrentAddress, HEXA) Then
Return dwCurrentAddress
End If
Next
Return -1
End Function
Private Function Compare(Process As String, Address As Long, HEXA As String) As Boolean
Dim pTemp As Byte = Nothing
For i As Integer = 0 To HEXA.Length - 1 Step 1
pTemp = ReadByte(Process, (Address + i), 4)
If pTemp = Nothing Then
Return False
End If
Next
Return True
End Function
Public Function ReadByte(ByVal ProcessName As String, ByVal Address As Integer, Optional ByVal nsize As Integer = 4) As Byte
If ProcessName.EndsWith(".exe") Then
ProcessName = ProcessName.Replace(".exe", "")
End If
Dim MyP As Process() = Process.GetProcessesByName(ProcessName)
If MyP.Length = 0 Then
MessageBox.Show(ProcessName & " isn't open!")
End If
Dim hProcess As IntPtr = OpenProcess(&H10, 0, MyP(0).Id)
If hProcess = IntPtr.Zero Then
MessageBox.Show("Failed to open " & ProcessName & "!")
End If
Dim hAddress As Integer
Dim vBuffer As Byte = Nothing
hAddress = Address
ReadProcessMemory4(hProcess, hAddress, vBuffer, nsize, 0)
Return vBuffer
End Function
Private Sub Button1_Click(sender As System.Object, e As System.EventArgs) Handles Button1.Click
Dim HEXA As String = "54 3D 6A 10 00 24 B9 03 8C 48 C9 03 5A 00 00 00"
Dim MonAddress As Long = FindPattern("Template", HEXA)
TextBox1.Text = MonAddress.ToString("X8")
End Sub |
with my code change how having same address as the cheat engine?
Thanks for your help?
| Description: |
|
| Filesize: |
116.6 KB |
| Viewed: |
14575 Time(s) |
|
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
