Cheat Engine

marmotas · Newbie cheater Reputation: 0 Joined: 31 Dec 2014 Posts: 10

Happy new near everybody!

I have used SWF Memory Dumper to dump the dlls from chrome.exe or plugin-container.exe. I want to create a simple program in C/ C#/ C++ that opens the chrome.exe or plugin-container.exe, like the SWF Memory Dumper and identifies the dlls.

Any help or guidance will be appreciated. Thank you

atom0s · Posted: Thu Jan 01, 2015 3:39 pm Post subject:

In C++ you can use:
- CreateToolhelp32Snapshot
- Process32First / Process32Next
- Module32First / Module32Next

These API will help you locate the desired process and loop each module. If you want to dump their memory then you will also need:
- OpenProcess
- ReadProcessMemory

And be sure to cleanup your handles with:
- CloseHandle

In C# you can do this with the Process class.
http://msdn.microsoft.com/en-us/library/system.diagnostics.process%28v=vs.110%29.aspx

You will also need ReadProcessMemory if you plan to dump the memory of the modules etc.

marmotas · Newbie cheater Reputation: 0 Joined: 31 Dec 2014 Posts: 10

Thanks

schaka · How do I cheat? Reputation: 0 Joined: 11 Feb 2015 Posts: 4

How is this different from EnumProcessModules()? I think I may have the same problem, because I'm iterating through modules found that way, rather than the way you describe, leading to a difference in modules found in CE and my software.

atom0s · Posted: Wed Feb 11, 2015 5:47 pm Post subject:

Just a different set of API accomplishing the same task.

What I mentioned above uses Tlhelp32 API, where as EnumProcessModules makes use of PSAPI. Both accomplish the same thing, just via different API. So it's up to you which one you want to pick/use.

For your problem, you may need to look into EnumProcessModulesEx.