| View previous topic :: View next topic |
| Author |
Message |
Monstreous03
How do I cheat?
![]() Reputation: 0
Joined: 05 May 2013
Posts: 1
Location: Danmark
|
 Posted: Sun May 05, 2013 6:18 am Post subject: Visual Basic - Read Offset |
 |
|
Hi, now I've been trying for 8 hours straight and my program just doesn't wanna work.....
I want to read the value out of the highlighted in this picture:
SEE ATTACHMENT
But the problem is, that it comes from client.dll and not the process.exe
I just have nlo clue how to make it right, have tryed different of possibilities written on the net.
| Description: |
|
| Filesize: |
1.3 MB |
| Viewed: |
7002 Time(s) |
|
|
|
| Back to top |
|
 |
jucce
Advanced Cheater
![]() Reputation: 1
Joined: 02 Apr 2013
Posts: 99
|
| Posted: Sun May 05, 2013 6:15 pm Post subject: |
|
|
Well when it comes to C# the way I found the memory address of the actual main executable was the following:
| Code: | System.Diagnostics.Process[] actvProcesses = System.Diagnostics.Process.GetProcessesByName("NAME");
System.Diagnostics.Process srcProcess = actvProcesses[0];
ProcessModule srcProcessModule = srcProcess.MainModule;
baseAddress = (int)srcProcessModule.BaseAddress;
|
However you don't want the address to the main module but rather another loaded module. So in that case take a look here:
http://msdn.microsoft.com/en-us/library/system.diagnostics.process.aspx
http://msdn.microsoft.com/en-us/library/system.diagnostics.process.modules.aspx
Using srcProcess.Modules you can reach all the loaded modules like .dll files. I hope that can give some help for your situation.
|
|
| Back to top |
|
|
deviluc
Cheater
![]() Reputation: 1
Joined: 02 Jun 2010
Posts: 28
|
| Posted: Mon May 06, 2013 2:24 am Post subject: |
|
|
Just add the pointer to your .ce file, then double click it and write down the value contained in the basepointer, search for it and you'll find the address of the basepointer, in the most cases you just have to add something to "client.dll"+00979DD4. The Value you have to add is the first address of "client.dll".
For e.g. in torchlight 2 "Torchlight2.exe" was 0x04000000.
|
|
| Back to top |
|
|
Pingo
Grandmaster Cheater
![]() Reputation: 8
Joined: 12 Jul 2007
Posts: 571
|
| Posted: Mon May 06, 2013 9:51 am Post subject: |
|
|
Just loop the modules to get the base of the one you need.
| Code: | | int YourAddy = GetModuleBase("Process Name Here", "client.dll") + 0x979DD4; |
| Code: | public int GetModuleBase(string ProcessName, string Module)
{
Process[] p = Process.GetProcessesByName(ProcessName);
if (p.Length == 0) return 0;
Module = Module.ToLower();
foreach (ProcessModule M in p[0].Modules)
{
if (M.ModuleName.ToLower() == Module)
return M.BaseAddress.ToInt32();
}
return 0;
} |
Then use ReadProcessMemory to read the address and BitConverter to convert those bytes to whatever value type you need.
EDIT:
Just noticed your thread title said VB haha
| Code: | Function GetModuleBase(ByVal ProcessName As String, ByVal _Module As String) As Integer
Dim p As Process() = Process.GetProcessesByName(ProcessName)
If p.Length = 0 Then Return 0
_Module = _Module.ToLower
For Each M As ProcessModule In p(0).Modules
If M.ModuleName.ToLower = _Module Then Return M.BaseAddress.ToInt32
Next
Return 0
End Function |
_________________
|
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
