iPromise Grandmaster Cheater
Reputation: -1
Joined: 27 Jun 2009 Posts: 529 Location: Canada
Posted: Sun Jun 06, 2010 1:10 pm Post subject: Reading an address for a pointer
Okay so this is what I suppose we're supposed to do to know if that address points to another:
| Code: |
DWORD Read = 0x00400000;
LPVOID Address = *(void*) Read;
|
For example? Is that how we are supposed to know if that address points to another address?

Slugsnack Grandmaster Cheater Supreme
Reputation: 71
Joined: 24 Jan 2007 Posts: 1857
Posted: Sun Jun 06, 2010 2:01 pm Post subject:
let's say you want to know if X points to Y. find the value of X and see if it matches the address of Y

iPromise Grandmaster Cheater
Reputation: -1
Joined: 27 Jun 2009 Posts: 529 Location: Canada
Posted: Sun Jun 06, 2010 2:30 pm Post subject:
Okay so, find the value of X and see if it matches with the address of Y or the value?
| Code: |
DWORD X = *(DWORD*) 0x004000000;
DWORD Y = 0x7FFFFFFF;
if (X == Y)
{
    return true;
}
|
or
| Code: |
DWORD X = *(DWORD*) 0x004000000;
DWORD Y = *(DWORD*) 0x7FFFFFFF;
if (X == Y)
{
    return true;
}
|
if we did the second method wouldn't we get hundreds of addresses?

Slugsnack Grandmaster Cheater Supreme
Reputation: 71
Joined: 24 Jan 2007 Posts: 1857
Posted: Sun Jun 06, 2010 3:09 pm Post subject:
| Code: |
DWORD X;
DWORD Y;
if( X == &Y )
........
|

iPromise Grandmaster Cheater
Reputation: -1
Joined: 27 Jun 2009 Posts: 529 Location: Canada
Posted: Sun Jun 06, 2010 4:24 pm Post subject:
Ah, okay I see.
So:
Let's say I'm doing a pointer scan for the address: 0x904234AA:
| Code: |
DWORD ScanningFor = 0x904234AA;
MEMORY_BASIC_INFORMATION MBI = {0};
while (VirtualQuery((LPCVOID) MBI.BaseAddress + MBI.RegionSize, &MBI, sizeof(MEMORY_BASIC_INFORMATION))
{
    if (MBI.Protect == PAGE_READWRITE)
    {
        DWORD EndAddr = MBI.BaseAddress + MBI.RegionSize - 1 - 4 (Scanning for 32 bits)
        for (DWORD i = MBI.BaseAddress; i <= EndAddr; i++)
        {
            if (i = &ScanningFor)
            {
                AddToBuffer(i);
            }
        }
    }
}
|

hcavolsdsadgadsg I'm a spammer
Reputation: 26
Joined: 11 Jun 2007 Posts: 5801
Posted: Sun Jun 06, 2010 4:46 pm Post subject: Re: Reading an address for a pointer
| iPromise wrote: | Okay so this is what I suppose we're supposed to do to know if that address points to another:
| Code: |
DWORD Read = 0x00400000;
LPVOID Address = *(void*) Read;
|
|
this is an error.
why does this not work?
| Code: |
char butt[] = "hello";
char dong[] = "hello";
if(butt == dong)
|
because they point to different data, the addresses are different.
so, what will yams be?
| Code: |
char yams = *(butt + 1);
|
for your code,
| Code: |
DWORD ScanningFor = 0x904234AA;
|
you're trying to compare the address you're at (which is a DWORD) to the address of ScanningFor. think about what you're doing for a second.
| Code: |
int butt = 0x00102030;
int dong = 0x00102030;
if((int*)butt == &dong)
{
    //we'll never get here
    return 10;
}
|
butt and dong have the same value, but think of what you're comparing.
0x00102030 vs whatever the actual address of dong is.
you're going to get an error anyway since you're trying to compare a DWORD to a DWORD*.

iPromise Grandmaster Cheater
Reputation: -1
Joined: 27 Jun 2009 Posts: 529 Location: Canada
Posted: Sun Jun 06, 2010 4:57 pm Post subject:
@slovach I get what you're saying, but then how can I compare to find pointers if that's the case?

Slugsnack Grandmaster Cheater Supreme
Reputation: 71
Joined: 24 Jan 2007 Posts: 1857
Posted: Sun Jun 06, 2010 8:47 pm Post subject:
i think now is the time when we should leave you with what is already in this thread. you clearly do not get what he's saying and probably did not make much effort to. the same applies to my post. if you did 'get it' you wouldn't need to ask that question. all that question shows is you didn't bother to read our posts and want us to spoonfeed you more copy and paste code.
i will answer specific questions if i believe they are to help you understand but you can consider the amount of code i supply to you in the future as limited

zile Advanced Cheater
Reputation: 0
Joined: 11 Jul 2009 Posts: 75
Posted: Sun Jun 06, 2010 11:59 pm Post subject:
get the address you want to find as pointer
DWORD FindEnd = 0x12345678;
minus FindEnd from the offset range you want and put into FindStart // lets say 2048
DWORD FindStart = FindEnd - Offset; // so 0x12345678 - 0x2048
then if your memory scanner supports range scans, scan your process for any address with values in range FindStart to FindEnd
note: you can simplify this once u understand it. and this method is more accurate especially if the FindEnd is in a struct (has offset)
it can't get any easier than this... if you still can't do it then you still don't know what a pointer is..

iPromise Grandmaster Cheater
Reputation: -1
Joined: 27 Jun 2009 Posts: 529 Location: Canada
Posted: Fri Jun 11, 2010 11:32 pm Post subject:
EDIT
I made a console application and double-checked all of this, and now I understand what you guys mean:
| Code: |
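#include <cstdlib>   // system()
#include <iostream>
int main()
{
    using namespace std;
    int var = 10;
    int& dereference = var;   // a reference: another name for var
    cout << &var << endl;
    cout << &dereference << endl;
    // Both expressions yield the address of var, so this is always true
    if (&dereference == &var)
    {
        cout << "Worked." << endl;
    }
    system("PAUSE");
    return 0;
}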
|

iPromise Grandmaster Cheater
Reputation: -1
Joined: 27 Jun 2009 Posts: 529 Location: Canada
Posted: Sun Jun 13, 2010 7:01 pm Post subject:
Hmm guys, this doesn't seem to display correct results for me. I compare my results with Cheat Engine and I don't get even one address in the same results. Please help, I've tried debugging and changing things around, but I can't seem to find what displays these wrong addresses.
| Code: |
// File
ofstream PointerFile("C:\\PointerFile.txt");
PointerFile.clear();
// Set Variables
string AddressStr = PointerScan(hWndDlg);
DWORD Range = 0x2048;
DWORD Address = Function::strConvertDWord(AddressStr);
// Scan
MEMORY_BASIC_INFORMATION MemInfo = {0};
while (VirtualQuery((LPCVOID) ((DWORD) MemInfo.BaseAddress + (DWORD) MemInfo.RegionSize), &MemInfo, sizeof(MEMORY_BASIC_INFORMATION)))
{
    if ( (MemInfo.State == MEM_COMMIT) && (MemInfo.Protect == PAGE_READWRITE) )
    {
        DWORD EndAddr = (DWORD) MemInfo.BaseAddress + (DWORD) MemInfo.RegionSize;
        for (DWORD Addr = (DWORD) MemInfo.BaseAddress; Addr <= (EndAddr - 1 - sizeof(DWORD)); Addr++)
        {
            DWORD AddressBegin;
            DWORD AddressEnd;
            ObtainValues(Address, Range, &AddressBegin, &AddressEnd);
            if (!AddressBegin)
            {
                Addr = EndAddr;
            }
            if (!AddressEnd)
            {
                Addr = EndAddr;
            }
            if ( ( Function::IsStatic(Addr) ) == true )
            {
                for (DWORD i = AddressBegin; i <= AddressEnd; i++)
                {
                    if ( (*(DWORD*) Addr) == i )
                    {
                        PointerFile << Function::dwGetAddrInfo(Addr) << endl;
                    }
                }
            }
            else
            {
                ++Addr;
            }
        }
    }
}
// Close File
PointerFile.close();
|
ObtainValues()
| Code: |
void ObtainValues(DWORD Address, DWORD Range, LPDWORD AddressBegin, LPDWORD AddressEnd)
{
    __try {
        *AddressBegin = *(DWORD*) (Address - Range);
        *AddressEnd = *(DWORD*) (Address);
    }
    __except (true) {
        *AddressBegin = 0;
        *AddressEnd = 0;
    }
}
|
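
Added example (not code from any poster in this thread): a portable C version of the range scan zile describes, run over a constructed 64-byte buffer instead of live process memory. It compares each stored 32-bit value against the numeric bounds FindStart..FindEnd; the names `scan_range`, `build_sample` and `Hit`, the 0x800 maximum offset and every planted value are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct { size_t pos; uint32_t value; uint32_t offset; } Hit;

/* Find stored 32-bit values v with target - max_offset <= v <= target.
   stride 4 checks aligned slots only, stride 1 checks every byte position.
   Returns the number of hits stored (at most max_hits). */
size_t scan_range(const uint8_t *buf, size_t len, uint32_t target,
                  uint32_t max_offset, size_t stride, Hit *hits, size_t max_hits)
{
    /* The bounds are plain numbers; nothing at target is dereferenced. */
    uint32_t low = target >= max_offset ? target - max_offset : 0;
    size_t n = 0;
    if (stride == 0) return 0;
    for (size_t pos = 0; pos + sizeof(uint32_t) <= len && n < max_hits; pos += stride) {
        uint32_t v;
        memcpy(&v, buf + pos, sizeof v);      /* safe at unaligned positions */
        if (v >= low && v <= target)
            hits[n++] = (Hit){ pos, v, target - v };
    }
    return n;
}

/* Constructed 64-byte snapshot; all values are made up for the example. */
void build_sample(uint8_t snap[64])
{
    static const struct { size_t pos; uint32_t v; } plant[] = {
        { 8, 0x12345678u},  /* holds exactly the target address    */
        {20, 0x12345000u},  /* struct base, target is at +0x678    */
        {33, 0x12345600u},  /* in range but stored unaligned       */
        {40, 0x12340000u},  /* below target - max_offset: rejected */
        {48, 0x12345679u},  /* above the target: rejected          */
    };
    memset(snap, 0, 64);
    for (size_t i = 0; i < sizeof plant / sizeof plant[0]; i++)
        memcpy(snap + plant[i].pos, &plant[i].v, sizeof plant[i].v);
}

int main(void)
{
    uint8_t snap[64]; Hit hits[8];
    build_sample(snap);
    size_t n = scan_range(snap, sizeof snap, 0x12345678u, 0x800u, 4, hits, 8);
    for (size_t i = 0; i < n; i++)
        printf("snap+%zu holds 0x%08X (target = value + 0x%X)\n", hits[i].pos,
               (unsigned)hits[i].value, (unsigned)hits[i].offset);
    return 0;
}
```

With stride 4 the unaligned entry at position 33 is skipped; stride 1 finds it at the cost of four times as many comparisons.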