Getting the TEB address [C/C++]

 
Triclone
How do I cheat?
Reputation: 0

Joined: 29 Aug 2015
Posts: 4

Posted: Sun Aug 30, 2015 3:56 am    Post subject: Getting the TEB address [C/C++]

Hello again,
I am trying to find the Thread Environment Block of a thread by its handle, but I noticed that NtQueryInformation from the Winternl.h namespace does not support getting the thread basic information anymore. In fact, the whole enum looks like this:
Code:
typedef enum _THREAD_INFORMATION_CLASS {
    ThreadMemoryPriority,
    ThreadAbsoluteCpuPriority,
    ThreadInformationClassMax
} THREAD_INFORMATION_CLASS;


From MSDN I could further gather that the only actually supported mode is getting the ThreadMemoryPriority.

Am I missing a crucial include?
The THREAD_BASIC_INFORMATION struct is also not defined anymore.
Should I redefine the struct and simply read the QueryInformation as is in the defined byte range and hope that the information I want is still there?


Edit://
So I redeclared the structs needed for the NtQueryInfoThread function and tried to load the values that way, to no avail.

Function:
Code:
typedef NTSTATUS(*ThreadInfoProc)(HANDLE, THREADINFOCLASS, PVOID, ULONG, PULONG);
PVOID CProcessHelper::GetThreadStackTopAddress(HANDLE hThread)
{
   HINSTANCE ntdllInstance;
   ThreadInfoProc NtQueryInfoThread;

   ntdllInstance = LoadLibrary("Ntdll.dll");

   if (ntdllInstance != NULL)
   {
      NtQueryInfoThread = (ThreadInfoProc)GetProcAddress(ntdllInstance, "NtQueryInformationThread");

      if (NtQueryInfoThread != NULL)
      {
         long long StackTopPtr = 0;
         int x = 0;

         THREAD_BASIC_INFORMATION bi;
         NT_TIB tib;
         // Get basic info with TEB
         
         NTSTATUS ntstat = (NtQueryInfoThread)(hThread, (THREADINFOCLASS)0, &bi, sizeof(THREAD_BASIC_INFORMATION),NULL);
         ReadProcessMemory(CurrentProcessHandle, bi.TebBaseAddress, &tib, sizeof(NT_TIB), 0);
         PrintHex(tib.StackBase); // output: CCCCCCCCCC
      }


Declarations:
Code:
typedef LONG KPRIORITY;

typedef struct _CLIENT_ID {
   HANDLE UniqueProcess;
   HANDLE UniqueThread;
} CLIENT_ID;
typedef CLIENT_ID *PCLIENT_ID;

typedef struct _THREAD_BASIC_INFORMATION
{
   NTSTATUS                ExitStatus;
   PVOID                   TebBaseAddress;
   CLIENT_ID               ClientId;
   KAFFINITY               AffinityMask;
   KPRIORITY               Priority;
   KPRIORITY               BasePriority;
} THREAD_BASIC_INFORMATION, *PTHREAD_BASIC_INFORMATION;

Best Regards,
Tri
Stylo
Grandmaster Cheater Supreme
Reputation: 3

Joined: 16 May 2007
Posts: 1073
Location: Israel

Posted: Mon Sep 07, 2015 3:56 am

If you want the TEB for the current thread, just use inline assembly
Code:

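__asm
{
  ; x86 (32-bit) MSVC only: fs:[0] is NT_TIB.ExceptionList (the SEH chain head);
  ; the TEB's own linear address is NT_TIB.Self at fs:[0x18]
  mov eax,dword ptr fs:[0x18]
  mov dword ptr ds:[dwTEB],eax
}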

_________________
Stylo
Dark Byte
Site Admin
Reputation: 470

Joined: 09 May 2003
Posts: 25791
Location: The netherlands

Posted: Mon Sep 07, 2015 4:59 am

try GetThreadSelectorEntry
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping
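
Added example, not part of the thread and not code from any poster: the question's snippet printed `CCCCCCCC`, the MSVC debug fill for an uninitialized local, which is what you see when the query or the read fails and neither return value is checked. The sketch below shows the checked sequence in portable C. The type stand-ins, `TIB_HEAD`, `get_stack_base`, the `teb_err` codes and the mock functions are all assumptions made for illustration; on Windows the two function pointers would be bound to `NtQueryInformationThread` and `ReadProcessMemory`.

```c
#include <stdint.h>
#include <string.h>

/* Portable stand-ins (assumptions) for the Windows types used in the thread. */
typedef int32_t NTSTATUS;
typedef void *HANDLE;
#define NT_SUCCESS(s) ((NTSTATUS)(s) >= 0)
#define STATUS_ACCESS_DENIED ((NTSTATUS)0xC0000022)
typedef struct { HANDLE UniqueProcess, UniqueThread; } CLIENT_ID;
typedef struct {
    NTSTATUS ExitStatus; void *TebBaseAddress; CLIENT_ID ClientId;
    uintptr_t AffinityMask; int32_t Priority, BasePriority;
} THREAD_BASIC_INFORMATION;
typedef struct { void *ExceptionList, *StackBase, *StackLimit; } TIB_HEAD; /* first NT_TIB fields */
/* Same argument shapes as NtQueryInformationThread / ReadProcessMemory, injected so they can be mocked. */
typedef NTSTATUS (*query_fn)(HANDLE, int, void *, uint32_t, uint32_t *);
typedef int (*read_fn)(HANDLE, const void *, void *, size_t, size_t *);
enum teb_err { TEB_OK, TEB_QUERY_FAILED, TEB_SHORT_QUERY, TEB_READ_FAILED };

enum teb_err get_stack_base(query_fn query, read_fn read_mem, HANDLE proc,
                            HANDLE thread, void **stack_base, NTSTATUS *status)
{
    THREAD_BASIC_INFORMATION bi;
    TIB_HEAD tib;
    uint32_t ret_len = 0;
    size_t got = 0;
    memset(&bi, 0, sizeof bi);    /* zero first so debug fill is never mistaken for data */
    memset(&tib, 0, sizeof tib);
    *stack_base = NULL;

    *status = query(thread, 0 /* ThreadBasicInformation */, &bi, sizeof bi, &ret_len);
    if (!NT_SUCCESS(*status)) return TEB_QUERY_FAILED;   /* e.g. handle lacks query access */
    if (ret_len != sizeof bi || bi.TebBaseAddress == NULL) return TEB_SHORT_QUERY;
    if (!read_mem(proc, bi.TebBaseAddress, &tib, sizeof tib, &got) || got != sizeof tib)
        return TEB_READ_FAILED;                           /* do not touch tib on failure */

    *stack_base = tib.StackBase;
    return TEB_OK;
}

/* Constructed mocks standing in for the real calls (sample data, not real addresses). */
TIB_HEAD fake_teb = { NULL, (void *)0x7000, (void *)0x3000 };
NTSTATUS mock_denied(HANDLE t, int c, void *b, uint32_t n, uint32_t *r)
{ (void)t; (void)c; (void)b; (void)n; (void)r; return STATUS_ACCESS_DENIED; }
NTSTATUS mock_ok(HANDLE t, int c, void *b, uint32_t n, uint32_t *r)
{ (void)t; (void)c; ((THREAD_BASIC_INFORMATION *)b)->TebBaseAddress = &fake_teb; *r = n; return 0; }
int mock_read(HANDLE p, const void *src, void *dst, size_t n, size_t *got)
{ (void)p; memcpy(dst, src, n); *got = n; return 1; }
```

When binding the real `NtQueryInformationThread`, declare the pointer type with `NTAPI`; the typedef in the question omits it, which is a calling-convention mismatch on 32-bit builds.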