deleted user 343211 Cheater
Reputation: 0
Joined: 09 Feb 2013 Posts: 29
Posted: Wed Mar 06, 2013 1:46 am Post subject: [C++] Reading Base Address Values
Hello,
I have this code:
Code:
```cpp
#include <windows.h>
#include <iostream>
using namespace std;

// Reads one int at 'address' from the process that owns the window titled pName.
// Returns 0 when the window or a process handle cannot be obtained.
int ReadVariable(LPCSTR pName, DWORD address){
    int value = 0;
    DWORD pid;
    HWND hwnd;
    hwnd = FindWindow(NULL,pName);
    if(!hwnd)
    {
        cout <<"Window not found!\n";
        cin.get();
        return 0;
    }
    else
    {
        GetWindowThreadProcessId(hwnd,&pid);
        HANDLE phandle = OpenProcess(PROCESS_VM_READ,0,pid);
        if(!phandle)
        {
            cout <<"Could not get handle!\n";
            cin.get();
            return 0;
        }
        else
        {
            ReadProcessMemory(phandle,(void*)address,&value,sizeof(value),0);
            return value;   // phandle is never closed on this path
        }
    }
}
```
That uses DWORDs to read the address, but how do I do that with an address like "game.exe"+0012AD10?
Thanks.
unknown_k Expert Cheater
Reputation: 5
Joined: 24 May 2011 Posts: 211
Posted: Wed Mar 06, 2013 2:20 am Post subject: Re: [C++] Reading Base Address Values
nothing special
"game.exe" == 0040000
deleted user 343211 Cheater
Reputation: 0
Joined: 09 Feb 2013 Posts: 29
Posted: Wed Mar 06, 2013 2:25 am Post subject: Re: [C++] Reading Base Address Values
unknown_k wrote: | nothing special
"game.exe" == 0040000 |
How do you calculate that?
unknown_k Expert Cheater
Reputation: 5
Joined: 24 May 2011 Posts: 211
Posted: Wed Mar 06, 2013 2:55 am Post subject: Re: [C++] Reading Base Address Values
this maybe?
http://msdn.microsoft.com/en-us/library/ms809762.aspx
Quote: | DWORD ImageBase
When the linker creates an executable, it assumes that the file will be memory-mapped to a specific location in memory. That address is stored in this field, assuming a load address allows linker optimizations to take place. If the file really is memory-mapped to that address by the loader, the code doesn't need any patching before it can be run. In executables produced for Windows NT, the default image base is 0x10000. For DLLs, the default is 0x400000. In Windows 95, the address 0x10000 can't be used to load 32-bit EXEs because it lies within a linear address region shared by all processes. Because of this, Microsoft has changed the default base address for Win32 executables to 0x400000. Older programs that were linked assuming a base address of 0x10000 will take longer to load under Windows 95 because the loader needs to apply the base relocations. |
deleted user 343211 Cheater
Reputation: 0
Joined: 09 Feb 2013 Posts: 29
Posted: Wed Mar 06, 2013 3:19 am Post subject: Re: [C++] Reading Base Address Values
unknown_k wrote: | this maybe?
Quote: | DWORD ImageBase
When the linker creates an executable, it assumes that the file will be memory-mapped to a specific location in memory. That address is stored in this field, assuming a load address allows linker optimizations to take place. If the file really is memory-mapped to that address by the loader, the code doesn't need any patching before it can be run. In executables produced for Windows NT, the default image base is 0x10000. For DLLs, the default is 0x400000. In Windows 95, the address 0x10000 can't be used to load 32-bit EXEs because it lies within a linear address region shared by all processes. Because of this, Microsoft has changed the default base address for Win32 executables to 0x400000. Older programs that were linked assuming a base address of 0x10000 will take longer to load under Windows 95 because the loader needs to apply the base relocations. |
|
What do I pass through the function, as the address?
unknown_k Expert Cheater
Reputation: 5
Joined: 24 May 2011 Posts: 211
Posted: Wed Mar 06, 2013 3:42 am Post subject: Re: [C++] Reading Base Address Values
What do you mean by that?
This?
"game.exe"+0012AD10
"game.exe" == 00400000
"game.exe"+0012AD10 == 00400000+0012AD10 == 0052AD10
atom0s Moderator
Reputation: 204
Joined: 25 Jan 2006 Posts: 8579 Location: 127.0.0.1
Posted: Wed Mar 06, 2013 10:36 am Post subject:
The image base for an executable can be dynamic as well so you shouldn't assume that it will always be at 0x00400000. You can use various API to get the base though such as:
- CreateToolhelp32Snapshot
- Process32First
- Process32Next
- Module32First
- Module32Next
Using those together you can determine the base address of the executable, as well as its loaded modules, if needed.
_________________
- Retired.
Innovation Grandmaster Cheater
Reputation: 12
Joined: 14 Aug 2008 Posts: 617
deleted user 343211 Cheater
Reputation: 0
Joined: 09 Feb 2013 Posts: 29
Posted: Thu Mar 07, 2013 9:32 pm Post subject:
Innovation, I am using your function, but what do I pass as the dwProcessIdentifier? I have tried generating the PID, and using that, but your function returned 0.
My code:
Code:
```cpp
#include <windows.h>
#include <iostream>
using namespace std;
// ANSI (non-UNICODE) build assumed: FindWindow and the module name take char strings.
DWORD_PTR dwGetModuleBaseAddress(DWORD dwProcessIdentifier, const TCHAR *szModuleName);

int main(){
    DWORD pid;
    HWND hwnd;
    hwnd = FindWindow(NULL,"minecraft");
    GetWindowThreadProcessId(hwnd,&pid);
    cout << "PID: " << pid << endl;
    DWORD_PTR base = dwGetModuleBaseAddress(pid,"jvm.dll");
    cout << "Base: " << base << endl;
    return 0;
}
```
(Also, I'm not quite sure what to put for the second argument, either.)
Thanks.
DDS Expert Cheater
Reputation: 3
Joined: 10 Feb 2011 Posts: 112 Location: Bill's Planet
Posted: Fri Mar 08, 2013 1:14 am Post subject:
TheChickenWings wrote: | I have tried generating the PID, and using that, but your function returned 0. |
In C++, if the name of the DLL is incorrect the function will always fail. Make sure that the DLL's name is right.
Example: if the letter j in jvm.dll is capital, the function is gonna return 0 because it couldn't find any module with that name.
_________________
elDarkDragonSlayer
deleted user 343211 Cheater
Reputation: 0
Joined: 09 Feb 2013 Posts: 29
Posted: Fri Mar 08, 2013 1:31 am Post subject:
DDS wrote: | TheChickenWings wrote: | I have tried generating the PID, and using that, but your function returned 0. |
in C Plus Plus if the Name of the dll is incorrect the Function will always fail - Make Sure that the dlls name is right.
Example : if the Letter j in the jvm.dll is Capital the Function is gonna return 0 because it couldnt find any module with that name. |
I put a debug message after it checks for a valid handle, and it didn't come up.
Innovation Grandmaster Cheater
Reputation: 12
Joined: 14 Aug 2008 Posts: 617
Posted: Fri Mar 08, 2013 6:07 am Post subject:
TheChickenWings wrote: | A put a debug message after it checks for a valid handle, and it didn't come up. |
DDS is correct; the module name is case-sensitive. Which check are you referring to? Post all of your code.
deleted user 343211 Cheater
Reputation: 0
Joined: 09 Feb 2013 Posts: 29
Posted: Fri Mar 08, 2013 9:37 am Post subject:
Innovation wrote: | TheChickenWings wrote: | A put a debug message after it checks for a valid handle, and it didn't come up. |
DDS is correct; the module name is case-sensitive. Which check are you referring to? Post all of your code. |
Code:
```cpp
#include <windows.h>
#include <iostream>
using namespace std;
// Defined in the two blocks below. ANSI (non-UNICODE) build assumed.
DWORD_PTR dwGetModuleBaseAddress(DWORD dwProcessIdentifier, const TCHAR *szModuleName);
int ReadVariable(LPCSTR pName, DWORD address);

int main(){
    DWORD pid;
    HWND hwnd;
    hwnd = FindWindow(NULL,"minecraft");
    GetWindowThreadProcessId(hwnd,&pid);
    cout << "PID: " << pid << endl;
    DWORD_PTR base = dwGetModuleBaseAddress(pid,"jvm.dll");
    cout << "Base: " << base << endl;
    Sleep(1000);
    DWORD pointer = 0x0066ED50;
    DWORD offset1 = 0x1A0;
    DWORD offset2 = 0x1A8;
    DWORD offset3 = 0x68;
    DWORD offset4 = 0x70;
    DWORD offset5 = 0x68;
    DWORD offset6 = 0x1A8;
    // Note: this adds every offset onto a single address; it does not read the
    // pointer stored at each level of the path before applying the next offset.
    DWORD address = base + pointer + offset1 + offset2 + offset3 + offset4 + offset5 + offset6;
    while(1){
        int health = ReadVariable("minecraft",address);
        cout << health << endl;
        Sleep(100);
    }
}
```
Code:
```cpp
#include <windows.h>
#include <tlhelp32.h>
#include <tchar.h>
#include <iostream>
using namespace std;

// Walks the module list of process dwProcessIdentifier and returns the load address
// of the module named szModuleName, or 0 if the snapshot fails or no name matches.
DWORD_PTR dwGetModuleBaseAddress(DWORD dwProcessIdentifier, const TCHAR *szModuleName)
{
    DWORD_PTR dwModuleBaseAddress = 0;
    HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, dwProcessIdentifier);
    if (hSnapshot != INVALID_HANDLE_VALUE)
    {
        cout << "Passed" << endl;
        MODULEENTRY32 ModuleEntry32;
        ModuleEntry32.dwSize = sizeof(MODULEENTRY32);
        if (Module32First(hSnapshot, &ModuleEntry32))
        {
            do
            {
                // exact, case-sensitive compare: "jvm.dll" does not match "JVM.DLL"
                if (_tcscmp(ModuleEntry32.szModule, szModuleName) == 0)
                {
                    dwModuleBaseAddress = (DWORD_PTR)ModuleEntry32.modBaseAddr;
                    break;
                }
            }
            while (Module32Next(hSnapshot, &ModuleEntry32));
        }
        CloseHandle(hSnapshot);
    }
    return dwModuleBaseAddress;
}
```
Code:
```cpp
#include <windows.h>
#include <iostream>
using namespace std;

// Reads one int at 'address' from the process that owns the window titled pName.
// Returns 0 when the window or a process handle cannot be obtained.
int ReadVariable(LPCSTR pName, DWORD address){
    int value = 0;
    DWORD pid;
    HWND hwnd;
    hwnd = FindWindow(NULL,pName);
    if(!hwnd)
    {
        cout <<"Window not found!\n";
        cin.get();
        return 0;
    }
    else
    {
        GetWindowThreadProcessId(hwnd,&pid);
        HANDLE phandle = OpenProcess(PROCESS_VM_READ,0,pid);
        if(!phandle)
        {
            cout <<"Could not get handle!\n";
            cin.get();
            return 0;
        }
        else
        {
            ReadProcessMemory(phandle,(void*)address,&value,sizeof(value),0);
            return value;   // phandle is never closed on this path
        }
    }
}
```
atom0s Moderator
Reputation: 204
Joined: 25 Jan 2006 Posts: 8579 Location: 127.0.0.1
Posted: Fri Mar 08, 2013 10:44 am Post subject:
Change the _tcscmp to _tcsicmp to perform a lower-case compare on the strings so that the compare is not case-sensitive.
_________________
- Retired.
Dark Byte Site Admin
Reputation: 468
Joined: 09 May 2003 Posts: 25706 Location: The netherlands
Posted: Fri Mar 08, 2013 11:04 am Post subject:
Please add a closeHandle to readVariable, or at least make it a global handle (or pass it on as a function)
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
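Putting the thread's points together, an added example (editor's code, not from any poster): the module base is supplied by the caller rather than assumed to be 0x00400000 as atom0s notes, the "module+pointer" arithmetic unknown_k shows is applied one level at a time, reading the pointer stored at each level before adding the next offset, and the live reader takes one process handle that is opened and closed once, as Dark Byte asks. The walker runs against a constructed in-memory address space: the base 0x00400000, pointer 0x0066ED50 and offsets 0x1A0/0x1A8 are the thread's numbers, while the chain contents and the final value 20 are made up, and the ReadProcessMemory reader only compiles on Windows and assumes a 32-bit target.

```cpp
#include <cstdint>
#include <functional>
#include <map>
#include <vector>
#ifdef _WIN32
#include <windows.h>
#endif
// Reads one 32-bit value from the target's address space; false if unreadable.
using MemReader = std::function<bool(uintptr_t addr, uint32_t &out)>;
// Resolves a Cheat Engine style path "module+pointer -> [..]+off1 -> [..]+off2": each level
// is dereferenced BEFORE the next offset is added (offsets are never summed up front).
// Returns the final address, or 0 if any level is unreadable.
uintptr_t walkPointerChain(const MemReader &read, uintptr_t moduleBase, uint32_t pointer,
                           const std::vector<uint32_t> &offsets) {
    uintptr_t addr = moduleBase + pointer;
    for (uint32_t off : offsets) {
        uint32_t next = 0;
        if (!read(addr, next)) return 0;
        addr = static_cast<uintptr_t>(next) + off;
    }
    return addr;
}
// Constructed 32-bit address space: a two-level chain rooted at module base 0x00400000
// + 0x0066ED50 (numbers from the thread) that ends in the made-up value 20.
MemReader sampleMemory() {
    std::map<uintptr_t, uint32_t> mem = {
        {0x00A6ED50u, 0x00A00000u},   // [0x00400000+0x0066ED50] -> 0x00A00000
        {0x00A001A0u, 0x00B00000u},   // [0x00A00000+0x1A0]      -> 0x00B00000
        {0x00B001A8u, 20u}};          // value at 0x00B00000+0x1A8
    return [mem](uintptr_t addr, uint32_t &out) {
        auto it = mem.find(addr);
        if (it == mem.end()) return false;
        out = it->second;
        return true;
    };
}
// Walks the sample chain from moduleBase and reads the value at its end; 0 if it breaks.
uint32_t readSampleValue(uintptr_t moduleBase) {
    MemReader read = sampleMemory();
    uintptr_t addr = walkPointerChain(read, moduleBase, 0x0066ED50u, {0x1A0u, 0x1A8u});
    uint32_t value = 0;
    return (addr != 0 && read(addr, value)) ? value : 0;
}
#ifdef _WIN32
// Live reader over a handle opened with PROCESS_VM_READ: open it once, CloseHandle() it once.
MemReader processMemory(HANDLE h) {
    return [h](uintptr_t a, uint32_t &out) { SIZE_T n = 0; return ReadProcessMemory(h, (LPCVOID)a, &out, 4, &n) && n == 4; };
}
#endif
```

A wrong module base (for example a relocated image) makes the first read land on an unmapped address and the walker returns 0 instead of a meaningless sum.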