Cheat Engine

[hitmetwice]

How do I convert a pointer from a format like this:
address: "program.exe"+010868B4
offset1: 0x184

to a format like this:
address: 004E4DBC
offset1: F4
?

And what is the diffrence? This is really confisung me. A memory reading fucntion I found on the unternet does only work using the second format, but cheat engine's pointer scanner always gives me results that contain the .exe...

[Dark Byte]

You will need to locate the location of program.exe in memory and add 010868B4 to it
Each time you run the game that address can be different, so you need to look that up. The toolhelp32 api's (module32first/module32next)

[hitmetwice]

Just for testing purposes, can Cheat Engine give me the current base address of the process?

[Dark Byte]

Go to the address using modulename+offset notation and check the destination addres

[hitmetwice]

Ah, I see.

I'm using ReadProcessMemory() btw.
Any idea if I even need to add the baseaddress?

btw I'm trying to do this in AutoHotkey atm and I'm using this cute lib:
http://pastebin.com/4wCX0XPX

Here is an example that works perfectly fine for the game Assault Cube:

[Dark Byte]

You can replace it with 00400000 if the base address is 00400000 and it's an old game or they disabled the relocation explicitly

Judging from the window header lacking the glass effect my guess is that you're on xp with a stupid style, or windows 8.
If windows 8 there is a big chance the module will be loaded at a different location each time if it is a game that came out recently (last 8 years)

[hitmetwice]

Yeah I'm on windows 8. AssaultCube was released in Novebmer 2006.
And the baseaddress is always 00400000 on this computer. (Even after restarts etc.)

But well, I start understand it. Is there an easy way of retrieving the process baseaddress in C++ that does not require dll injection? Is there a function that I can just use?

[Dark Byte]

http://forum.cheatengine.org/viewtopic.php?p=5280115#5280115 has some info on how to do that lookup