 |
Cheat Engine The Official Site of Cheat Engine
|
View previous topic :: View next topic |
Author |
Message |
Triclone How do I cheat?
Reputation: 0
Joined: 29 Aug 2015 Posts: 4
|
Posted: Sun Aug 30, 2015 3:56 am Post subject: Getting the TEB address [C/C++] |
|
|
Hello again,
I am trying to find the Thread Enviroment Block of a thread by its handle but I noticed that NtQueryInformation from the Winternl.h namespace does not support getting the thread basic information anymore. In fact the whole enum looks like this:
Code: | typedef enum _THREAD_INFORMATION_CLASS {
ThreadMemoryPriority,
ThreadAbsoluteCpuPriority,
ThreadInformationClassMax
} THREAD_INFORMATION_CLASS; |
From MSDN i could further gather that the only actually supported mode is getting the ThreadMemoryPriority.
Am I missing a crucial Include ?
The THREAD_BASIC_INFORMATION struct also not defined anymore.
Should I redefine the struct and simply read the QueryInformation as is in the defined byte range and hope that the information I want is still there?
Edit://
So I redeclared the structs needed for the NtQueryInfoThread function and tried to load the values that way. to no avail.
Function:
Code: | typedef NTSTATUS(*ThreadInfoProc)(HANDLE, THREADINFOCLASS, PVOID, ULONG, PULONG);
PVOID CProcessHelper::GetThreadStackTopAddress(HANDLE hThread)
{
HINSTANCE ntdllInstance;
ThreadInfoProc NtQueryInfoThread;
ntdllInstance = LoadLibrary("Ntdll.dll");
if (ntdllInstance != NULL)
{
NtQueryInfoThread = (ThreadInfoProc)GetProcAddress(ntdllInstance, "NtQueryInformationThread");
if (NtQueryInfoThread != NULL)
{
long long StackTopPtr = 0;
int x = 0;
THREAD_BASIC_INFORMATION bi;
NT_TIB tib;
// Get basic info with TEB
NTSTATUS ntstat = (NtQueryInfoThread)(hThread, (THREADINFOCLASS)0, &bi, sizeof(THREAD_BASIC_INFORMATION),NULL);
ReadProcessMemory(CurrentProcessHandle, bi.TebBaseAddress, &tib, sizeof(NT_TIB), 0);
PrintHex(tib.StackBase); // output: CCCCCCCCCC
} |
Declarations:
Code: | typedef LONG KPRIORITY;
typedef struct _CLIENT_ID {
HANDLE UniqueProcess;
HANDLE UniqueThread;
} CLIENT_ID;
typedef CLIENT_ID *PCLIENT_ID;
typedef struct _THREAD_BASIC_INFORMATION
{
NTSTATUS ExitStatus;
PVOID TebBaseAddress;
CLIENT_ID ClientId;
KAFFINITY AffinityMask;
KPRIORITY Priority;
KPRIORITY BasePriority;
} THREAD_BASIC_INFORMATION, *PTHREAD_BASIC_INFORMATION;
|
Best Regards,
Tri
|
|
Back to top |
|
 |
Stylo Grandmaster Cheater Supreme
Reputation: 3
Joined: 16 May 2007 Posts: 1073 Location: Israel
|
|
Back to top |
|
 |
Dark Byte Site Admin
Reputation: 470
Joined: 09 May 2003 Posts: 25791 Location: The netherlands
|
Posted: Mon Sep 07, 2015 4:59 am Post subject: |
|
|
try GetThreadSelectorEntry
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
Back to top |
|
 |
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum You cannot attach files in this forum You can download files in this forum
|
|