Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


[DELPHI] ASK: Multi-Level Pointer

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> General programming
View previous topic :: View next topic  
Author Message
icarusdc
How do I cheat?
Reputation: 0

Joined: 30 Mar 2016
Posts: 5
PostPosted: Fri Aug 19, 2016 4:15 pm    Post subject: [DELPHI] ASK: Multi-Level Pointer Reply with quote
Hi,

I already tried some snippet for Multi-Level Pointer from this forum but unfortunately I got no result.

This is the Multi-Level Pointer I found for Unlimited Sun hack in Plants vs. Zombies.

Photo of Multi-Level Pointer: hxxps://s26.postimg.org/n6iaoj2fd/image.jpg

Here is the 1st code.

Code:

function GetModuleBaseAddress(ProcessID: Cardinal; MName: String): Pointer;
var
  Modules         : Array of HMODULE;
  cbNeeded, i     : Cardinal;
  ModuleInfo      : TModuleInfo;
  ModuleName      : Array[0..MAX_PATH] of Char;
  PHandle         : THandle;
begin
  Result := nil;
  SetLength(Modules, 1024);
  PHandle := OpenProcess(PROCESS_QUERY_INFORMATION + PROCESS_VM_READ, False, ProcessID);
  if (PHandle <> 0) then
  begin
    EnumProcessModules(PHandle, @Modules[0], 1024 * SizeOf(HMODULE), cbNeeded);
    SetLength(Modules, cbNeeded div SizeOf(HMODULE));
    for i := 0 to Length(Modules) - 1 do //Start the bucle
    begin
      GetModuleBaseName(PHandle, Modules[i], ModuleName, SizeOf(ModuleName));
      if AnsiCompareText(MName, ModuleName) = 0 then
      begin
        GetModuleInformation(PHandle, Modules[i], @ModuleInfo, SizeOf(ModuleInfo));
        Result := ModuleInfo.lpBaseOfDll;
        CloseHandle(PHandle);
        Exit;
      end;
    end;
  end;
end;

procedure TForm1.bPointerClick(Sender: TObject);
var
  WHandle : HWND;
  PHandle: THandle;
  Address, X, Buffer: DWORD;
  NewValue: Cardinal;
  ProcessID : Cardinal;
begin
  ProcessID := 0;
  NewValue := $09;
  WHandle := FindWindow(nil, 'Plants vs. Zombies');
  if wHandle = 0 then
  begin
  ShowMessage('notfound');
  end else
  begin
  GetWindowThreadProcessId(WHandle, @ProcessID);
  Address := Integer(GetModuleBaseAddress(ProcessID, 'popcapgame1.exe')) + Integer($002A9EC0);
  PHandle := OpenProcess(PROCESS_ALL_ACCESS, False, ProcessID);
  ReadProcessMemory(PHandle, Ptr(Address + $768), Addr(Buffer), 4, X);
  ReadProcessMemory(PHandle, Ptr(Buffer + $5560), Addr(Buffer), 4, X);
  WriteProcessMemory(PHandle, Ptr(Buffer), @NewValue, 1, X);
  CloseHandle(PHandle);
  end;
end;




Here is the 2nd code.

Code:

function AddressOfMultiLevelPointer(Access: THandle; InitialAddress: Cardinal;
  Offsets: array of Cardinal): Cardinal;
var
  Address: Cardinal;
  Buff: Cardinal;
  Read: Cardinal;
  i: integer;
begin
  Address := InitialAddress + Offsets[ High(Offsets)];
  ReadProcessMemory(Access, Pointer(Address), @Buff, SizeOf(Buff), Read);
  for i := High(Offsets) - 1 downto 1 do
  begin
    Address := Buff + Offsets[i];
    ReadProcessMemory(Access, Pointer(Address), @Buff, SizeOf(Buff), Read);
  end;
  Result := Buff + Offsets[0];
end;

function GetProcessIDByName(Exename: String): DWord;
var
  hProcSnap: THandle;
  pe32: TProcessEntry32;
begin
  Result := 0;
  hProcSnap := CreateToolHelp32SnapShot(TH32CS_SNAPPROCESS, 0);
  if hProcSnap <> INVALID_HANDLE_VALUE then
  begin
    pe32.dwSize := SizeOf(ProcessEntry32);
    if Process32First(hProcSnap, pe32) = True then
    begin
      while Process32Next(hProcSnap, pe32) = True do
      begin
        if pos(Exename, pe32.szExeFile) <> 0 then
          Result := pe32.th32ProcessID;
      end;
    end;
    CloseHandle(hProcSnap);
  end;
end;



procedure TForm1.bPointer2Click(Sender: TObject);
var
  Address, InitialAddress, PID, Buff: Cardinal;
  Value: Cardinal;
  Access: THandle;
const
  OFFSET1: Cardinal = $0768;
  OFFSET2: Cardinal = $5560;
begin
  PID := GetProcessIdByName('popcapgame1.exe');
  Access := OpenProcess(PROCESS_ALL_ACCESS, False, PID);
  InitialAddress := Integer(GetModuleBaseAddress(PID, 'popcapgame1.exe')) + Integer($002A9EC0);
  Address := AddressOfMultiLevelPointer(Access, InitialAddress, [OFFSET1, OFFSET2]);
  ReadProcessMemory(Access, Ptr(Address), @Value, SizeOf(Value), Buff);
  Showmessage(IntToStr(Value));
end;


Both codes no works to change value. What's wrong with those codes?
I want to edit value from Multi-Level Pointer using WriteProcessMemory.
I need some help.

Thank you
Back to top
View user's profile Send private message
ParkourPenguin
I post too much
Reputation: 150

Joined: 06 Jul 2014
Posts: 4652
PostPosted: Fri Aug 19, 2016 6:29 pm    Post subject: Reply with quote
Code:
  Address := Integer(GetModuleBaseAddress(ProcessID, 'popcapgame1.exe')) + Integer($002A9EC0);
  PHandle := OpenProcess(PROCESS_ALL_ACCESS, False, ProcessID);
  ReadProcessMemory(PHandle, Ptr(Address + $768), Addr(Buffer), 4, X);
  ReadProcessMemory(PHandle, Ptr(Buffer + $5560), Addr(Buffer), 4, X);
  WriteProcessMemory(PHandle, Ptr(Buffer), @NewValue, 1, X);

Your pointer path here is [[game.exe+002A9EC0+768]+5560]+0
The pointer path in CE is [[game.exe+002A9EC0]+768]+5560
Either add the offsets later or dereference the pointers earlier (more or less the same thing).
_________________
I don't know where I'm going, but I'll figure it out when I get there.
Back to top
View user's profile Send private message
icarusdc
How do I cheat?
Reputation: 0

Joined: 30 Mar 2016
Posts: 5
PostPosted: Sat Aug 20, 2016 2:33 am    Post subject: Reply with quote
Thanks for your reply.

So I need to use the 1st code.

I tried to follow your instruction and change the code into like this:
Code:

Address := Integer(GetModuleBaseAddress(ProcessID, 'popcapgame1.exe')) + $002A9EC0 + $768;
  PHandle := OpenProcess(PROCESS_ALL_ACCESS, False, ProcessID);
  ReadProcessMemory(PHandle, Ptr(Address + $5560), Addr(Buffer), 4, X);
  ReadProcessMemory(PHandle, Ptr(Buffer), Addr(Buffer), 4, X);
  WriteProcessMemory(PHandle, Ptr(Buffer), @NewValue, 1, X);


is that correct?

But, still I got no result.

Salam
Back to top
View user's profile Send private message
hhhuut
Grandmaster Cheater
Reputation: 6

Joined: 08 Feb 2015
Posts: 607
PostPosted: Sat Aug 20, 2016 7:43 am    Post subject: Reply with quote
Code:
procedure WritePointer;
var
  finalAddress: NativeUInt;
begin
  //some code like ProcessID :=, PHandle :=, etc.

  finalAddress := GetModuleBaseAddress(ProcessID, 'popcapgame1.exe') + $2a9ec0;

  ReadProcessMemory(PHandle, Pointer(finalAddress), @finalAddress, 4, X);

  Inc(finalAddress, $768);

  ReadProcessMemory(PHandle, Pointer(finalAddress), @finalAddress, 4, X);

  Inc(finalAddress, $5560);

  WriteProcessMemory(PHandle, Pointer(finalAddress), @NewValue, 4, X);
end;

Of course I'd also advise you to check if all the functions returned successful ...
Back to top
View user's profile Send private message
ParkourPenguin
I post too much
Reputation: 150

Joined: 06 Jul 2014
Posts: 4652
PostPosted: Sat Aug 20, 2016 9:17 am    Post subject: Reply with quote
icarusdc wrote:
Code:
  Address := Integer(GetModuleBaseAddress(ProcessID, 'popcapgame1.exe')) + $002A9EC0 + $768;
  PHandle := OpenProcess(PROCESS_ALL_ACCESS, False, ProcessID);
  ReadProcessMemory(PHandle, Ptr(Address + $5560), Addr(Buffer), 4, X);
  ReadProcessMemory(PHandle, Ptr(Buffer), Addr(Buffer), 4, X);
  WriteProcessMemory(PHandle, Ptr(Buffer), @NewValue, 1, X);

Now your pointer path is [[game.exe + 002A9EC0 + 768 + 5560] + 0] + 0

You're even worse off than you were before. It's clear you don't understand what pointers are, so you should study them before you try to use them.
http://www.cplusplus.com/doc/tutorial/pointers/
https://www.youtube.com/watch?v=W0aE-w61Cb8
http://forum.cheatengine.org/viewtopic.php?t=334728
At least look at this topic.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
Back to top
View user's profile Send private message
icarusdc
How do I cheat?
Reputation: 0

Joined: 30 Mar 2016
Posts: 5
PostPosted: Sat Aug 20, 2016 12:18 pm    Post subject: Reply with quote
@hhhuut
Thank you. Your code really works!
So I go back to my problem and try figuring out why I got wrong result.
And finally, I get a good one now.

So the code should be like this:
Code:

Address := Integer(GetModuleBaseAddress(ProcessID, 'popcapgame1.exe')) + $002A9EC0;
ReadProcessMemory(PHandle, Ptr(Address), @Address, 4, X);
ReadProcessMemory(PHandle, Ptr(Address + $768), @Address, 4, X);
WriteProcessMemory(PHandle, Ptr(Address + $5560), @NewValue, SizeOf(NewValue), X);


Thank you so much @ParkourPenguin
Your guide is great.

Now it's solved and I want to try coding next step.

Thank you once again!!

Salam.
Back to top
View user's profile Send private message
hhhuut
Grandmaster Cheater
Reputation: 6

Joined: 08 Feb 2015
Posts: 607
PostPosted: Sat Aug 20, 2016 12:32 pm    Post subject: Reply with quote
Nice to see you got the problem with ParkourPenguin's links Smile
Back to top
View user's profile Send private message
MoL4uN87
How do I cheat?
Reputation: 0

Joined: 08 Jun 2013
Posts: 2
PostPosted: Tue Aug 30, 2016 12:59 pm    Post subject: Reply with quote
no work x64 .exe ( sorry bad english
Back to top
View user's profile Send private message
MoL4uN87
How do I cheat?
Reputation: 0

Joined: 08 Jun 2013
Posts: 2
PostPosted: Wed Aug 31, 2016 12:07 am    Post subject: Reply with quote
GTA5.exe no work
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> General programming All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites