Cheat Engine Forum Index
The Official Site of Cheat Engine

[Help][C++] Writing a Memory

Cheat Engine Forum Index -> General programming
Triloaded
How do I cheat?
Reputation: 0

Joined: 26 Sep 2015
Posts: 4

Posted: Sat Sep 26, 2015 5:15 am    Post subject: [Help][C++] Writing a Memory

Hi,
I have a problem writing memory, but when reading a memory address the result is correct.

Code:
ReadProcessMemory(pHandle, (void*)(baseAddress + plus), &baseAddress, sizeof(baseAddress), 0);
ReadProcessMemory(pHandle, (void*)(baseAddress + offset1), &baseAddress, sizeof(baseAddress), 0);
ReadProcessMemory(pHandle, (void*)(baseAddress + offset2), &baseAddress, sizeof(baseAddress), 0);
thisFloat = *(float*)(&baseAddress);

When I cout the (thisFloat) value I can confirm that it's OK, because the value has been read correctly, but next I have to change the value. The value is shown correctly as a float.
I have tried to create a byte array like this:
Code:
BYTE anyArray[4] = { 0x8, 0x3, 0x3, 0x3 }; // Should be 8333 as value?

Then I've tried to write it like this:
Code:
WriteProcessMemory(pHandle, (void*)baseAddress, &anyArray, sizeof(anyArray), 0);

Nothing happens. Why?
Also I have tried VirtualProtectEx before trying to change this address value like this:
Code:
unsigned long oldProt;
VirtualProtectEx(pHandle, (void*)baseAddress, 4, PAGE_EXECUTE_READWRITE, &oldProt);

And I've confirmed that the value DOESN'T need to be frozen to work. It simply doesn't make any changes to this memory address.

What did I do wrong? Actually in C# I can make it work easily with a byte array, but I want to learn at least a bit about C++.

E: I've tried to search. Many searches bring me to the CE forums, but none of the solutions worked. I'm trying to find a simple solution.

Update: GetLastError returns:

ERROR_INVALID_ADDRESS
487 (0x1E7)
Attempt to access invalid address.

How is it an invalid address if I just read it? The error pops up if I uncomment the WriteProcessMemory line.
Zanzer
I post too much
Reputation: 126

Joined: 09 Jun 2013
Posts: 3278

Posted: Sat Sep 26, 2015 8:48 am

Wish I had some code setup where I could just give you the correct answer, but...

Try removing the & from "anyArray".

Also, 0x8 0x3 0x3 0x3 actually equals 0x03030308.
Triloaded
How do I cheat?
Reputation: 0

Joined: 26 Sep 2015
Posts: 4

Posted: Sat Sep 26, 2015 2:10 pm

Zanzer wrote:
Wish I had some code setup where I could just give you the correct answer, but...

Try removing the & from "anyArray".

Also, 0x8 0x3 0x3 0x3 actually equals 0x03030308.


Code:
#include "stdafx.h"
#include <iostream>
#include <Windows.h>
#include <tlhelp32.h>
#include <tchar.h>

using namespace std;

DWORD dwGetModuleBaseAddress(DWORD dwProcessIdentifier, TCHAR *lpszModuleName)
{
   HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwProcessIdentifier);
   DWORD dwModuleBaseAddress = 0;
   if (hSnapshot != INVALID_HANDLE_VALUE)
   {
      MODULEENTRY32 ModuleEntry32 = { 0 };
      ModuleEntry32.dwSize = sizeof(MODULEENTRY32);
      if (Module32First(hSnapshot, &ModuleEntry32))
      {
         do
         {
            if (_tcscmp(ModuleEntry32.szModule, lpszModuleName) == 0)
            {
               dwModuleBaseAddress = (DWORD)ModuleEntry32.modBaseAddr;
               break;
            }
         } while (Module32Next(hSnapshot, &ModuleEntry32));
      }
      CloseHandle(hSnapshot);
   }
   return dwModuleBaseAddress;
}

int main()
{
   HWND hwnd;

   // Base Address of Process ID.
   DWORD baseAddress;
   DWORD procId = 0;

   // Offsets
   int plus = 0x010FD164;
   int offset1 = 0x0;
   int offset2 = 0x210;

   HANDLE pHandle;
   float amount;
   unsigned long oldProt;
   // Bytes to write, in memory order; read as a DWORD this is 0x03030308
   // (the original declared a one-byte array initialised with a four-byte value).
   BYTE bytesSend[4] = { 0x08, 0x03, 0x03, 0x03 };

   int value = 0;

   cout << "________________________" << endl << endl << "  Test" << endl << "________________________" << endl << endl;

   Sleep((int)2000);

   hwnd = FindWindow(NULL, L"Client");
   if (hwnd) {
      cout << " # Client found..." << endl;
      GetWindowThreadProcessId(hwnd, &procId);
      pHandle = OpenProcess(PROCESS_ALL_ACCESS, false, procId);

      baseAddress = dwGetModuleBaseAddress(procId, _T("Client.exe"));

      cout << " # Process ID: " << procId << endl << " # Base Address: " << baseAddress << endl << endl;



      // Each read below uses baseAddress as its own output buffer, so after every
      // call baseAddress holds whatever was read, not the address it was read from.
      ReadProcessMemory(pHandle, (void*)(baseAddress + plus), &baseAddress, sizeof(baseAddress), 0);

      ReadProcessMemory(pHandle, (void*)(baseAddress + offset1), &baseAddress, sizeof(baseAddress), 0);

      ReadProcessMemory(pHandle, (void*)(baseAddress + offset2), &baseAddress, sizeof(baseAddress), 0);

      // Reinterpret the 4 bytes just read as a float.
      amount = *(float*)(&baseAddress);

      // VirtualProtectEx(pHandle, (void*)&baseAddress, 4, PAGE_READWRITE, &oldProt);

      bool write = WriteProcessMemory(pHandle, (void*)baseAddress, bytesSend, sizeof(bytesSend), 0);

      if (!write) {
         DWORD lastError = GetLastError();
         cout << endl << endl << endl << " - # - # Error: " << lastError;
      }
      
   }

   cin.get();
    return 0;
}


Don't care about the unused variables. Reading the same memory from the final address in "baseAddress" works fine, but writing into it is a mystery to me.
ulysse31
Master Cheater
Reputation: 2

Joined: 19 Mar 2015
Posts: 324
Location: Paris

Posted: Sat Sep 26, 2015 3:21 pm

Try this instead:
Code:
 bool write = WriteProcessMemory(pHandle, (void*)baseAddress, &bytesSend, sizeof(bytesSend), 0);


Let us know if it worked (I added a & before your buffer).
Also, can you give the big picture? From my point of view it seems like you are trying to get an address that holds a value, and this address would be a 2-level pointer. Is that right?

Just in case, this is a template I made last year to retrieve pointers:
Code:
// Assumed context not shown in the post: hProc is the opened process handle and
// bufferAddress receives the resolved address. offsetNumber is a digit character
// ('1' to '5'); sizeof(readValueX) in the original named an undeclared variable,
// so each read is now sized from the 32-bit buffer it fills.
extern HANDLE hProc;
extern DWORD bufferAddress;

void getPointedAddress(int basePointerAddress, DWORD addressConcerned, char offsetNumber, int offset0, int offset1, int offset2, int offset3, int offset4)
{
   int valuePointedBuffer(0);
   int holdValue(0);
   switch (offsetNumber)
   {// Don't need to take case 0 into account
   case '1':
      ReadProcessMemory(hProc, (LPCVOID)basePointerAddress, &valuePointedBuffer, sizeof(valuePointedBuffer), NULL);
      holdValue = valuePointedBuffer + offset0;
      break;
   case '2':
      ReadProcessMemory(hProc, (LPCVOID)basePointerAddress, &valuePointedBuffer, sizeof(valuePointedBuffer), NULL);
      holdValue = valuePointedBuffer + offset0;
      ReadProcessMemory(hProc, (LPCVOID)holdValue, &valuePointedBuffer, sizeof(valuePointedBuffer), NULL);
      holdValue = valuePointedBuffer + offset1;
      break;
   case '3':
      ReadProcessMemory(hProc, (LPCVOID)basePointerAddress, &valuePointedBuffer, sizeof(valuePointedBuffer), NULL);
      holdValue = valuePointedBuffer + offset0;
      ReadProcessMemory(hProc, (LPCVOID)holdValue, &valuePointedBuffer, sizeof(valuePointedBuffer), NULL);
      holdValue = valuePointedBuffer + offset1;
      ReadProcessMemory(hProc, (LPCVOID)holdValue, &valuePointedBuffer, sizeof(valuePointedBuffer), NULL);
      holdValue = valuePointedBuffer + offset2;
      break;
   case '4':
      ReadProcessMemory(hProc, (LPCVOID)basePointerAddress, &valuePointedBuffer, sizeof(valuePointedBuffer), NULL);
      holdValue = valuePointedBuffer + offset0;
      ReadProcessMemory(hProc, (LPCVOID)holdValue, &valuePointedBuffer, sizeof(valuePointedBuffer), NULL);
      holdValue = valuePointedBuffer + offset1;
      ReadProcessMemory(hProc, (LPCVOID)holdValue, &valuePointedBuffer, sizeof(valuePointedBuffer), NULL);
      holdValue = valuePointedBuffer + offset2;
      ReadProcessMemory(hProc, (LPCVOID)holdValue, &valuePointedBuffer, sizeof(valuePointedBuffer), NULL);
      holdValue = valuePointedBuffer + offset3;
      //cout << "the address containing your data is :" << hex << holdValue << endl;
      break;
   case '5':
      ReadProcessMemory(hProc, (LPCVOID)basePointerAddress, &valuePointedBuffer, sizeof(valuePointedBuffer), NULL);
      holdValue = valuePointedBuffer + offset0;
      ReadProcessMemory(hProc, (LPCVOID)holdValue, &valuePointedBuffer, sizeof(valuePointedBuffer), NULL);
      holdValue = valuePointedBuffer + offset1;
      ReadProcessMemory(hProc, (LPCVOID)holdValue, &valuePointedBuffer, sizeof(valuePointedBuffer), NULL);
      holdValue = valuePointedBuffer + offset2;
      ReadProcessMemory(hProc, (LPCVOID)holdValue, &valuePointedBuffer, sizeof(valuePointedBuffer), NULL);
      holdValue = valuePointedBuffer + offset3;
      ReadProcessMemory(hProc, (LPCVOID)holdValue, &valuePointedBuffer, sizeof(valuePointedBuffer), NULL);
      holdValue = valuePointedBuffer + offset4;
      break;
   }
   bufferAddress = holdValue;
}



Edit:
Ah, I've noticed I told you the exact opposite of what Zanzer did, so it's back to square 1.

Well, I can think of 2 reasons:
1. I think you are mixing up the value and the address. Let's say you get the pointer for your life in a game; you are happy because you can print your life from the pointer atm.
But whenever you read your life you update your address at the same time, because this is what you use as a read buffer, so try changing the last read line to use another buffer like this:

Code:
 ReadProcessMemory(pHandle, (void*)(baseAddress + offset2), &NewBuffer, sizeof(baseAddress), 0);


And then when you write, don't forget to re-add the offset, like this:

Code:
     bool write = WriteProcessMemory(pHandle, (void*)(baseAddress + offset2), bytesSend, sizeof(bytesSend), 0);


2. Maybe the game is rewriting its value so fast that you can't see yourself writing it, in which case just break with the debugger before you write.
Let me know if that helped,
Best of luck
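The two points made above, the address variable being reused as the read buffer (ulysse31's reason 1) and the byte-order remark that {0x08, 0x03, 0x03, 0x03} is 0x03030308 (Zanzer), shown together in an added, portable example that is not code from the thread. FakeProcess, readMem and writeMem are assumed stand-ins for the target process and for ReadProcessMemory/WriteProcessMemory, the memory layout and values are constructed, and a little-endian host is assumed; resolveChain generalises the three-level chain in the posts to any number of offsets.

```cpp
// Added example, not code from the thread: a portable simulation of the
// pointer-chain read/write pattern the posts discuss. FakeProcess, readMem and
// writeMem are stand-ins for the target process and for ReadProcessMemory /
// WriteProcessMemory (assumed names, not the Win32 API), so it runs anywhere.
#include <array>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

using Addr = uint32_t;

struct FakeProcess {
    // Constructed 4 KiB "address space"; an address is an offset into it.
    std::vector<uint8_t> mem = std::vector<uint8_t>(0x1000, 0);

    bool readMem(Addr addr, void* out, size_t n) const {
        if (n > mem.size() || addr > mem.size() - n) return false;  // like ERROR_INVALID_ADDRESS
        std::memcpy(out, mem.data() + addr, n);
        return true;
    }
    bool writeMem(Addr addr, const void* in, size_t n) {
        if (n > mem.size() || addr > mem.size() - n) return false;
        std::memcpy(mem.data() + addr, in, n);
        return true;
    }
};

// Sample layout matching the thread: [base+plus] -> level1, [level1+offset1] -> level2,
// [level2+offset2] holds the float (constructed values, little-endian host assumed).
constexpr Addr kBase = 0x100, kPlus = 0x10, kOffset1 = 0x0, kOffset2 = 0x20;

FakeProcess makeSample() {
    FakeProcess p;
    const Addr level1 = 0x400, level2 = 0x800;
    const float life = 42.5f;
    std::memcpy(&p.mem[kBase + kPlus], &level1, sizeof level1);
    std::memcpy(&p.mem[level1 + kOffset1], &level2, sizeof level2);
    std::memcpy(&p.mem[level2 + kOffset2], &life, sizeof life);
    return p;
}

// The original pattern: the address variable doubles as the read buffer, so after
// the last read it holds the float's bit pattern (0x422A0000 for 42.5f), not the
// float's address. That bit pattern is what then gets passed as the write target.
Addr buggyResolve(const FakeProcess& p) {
    Addr baseAddress = kBase;
    p.readMem(baseAddress + kPlus, &baseAddress, sizeof baseAddress);
    p.readMem(baseAddress + kOffset1, &baseAddress, sizeof baseAddress);
    p.readMem(baseAddress + kOffset2, &baseAddress, sizeof baseAddress);
    return baseAddress;
}

// Writing through that bogus address fails, which is the OP's ERROR_INVALID_ADDRESS.
bool buggyWriteSucceeds() {
    FakeProcess p = makeSample();
    const uint8_t bytes[4] = {0x08, 0x03, 0x03, 0x03};
    return p.writeMem(buggyResolve(p), bytes, sizeof bytes);
}

// Fixed pattern, generalised to any chain length: dereference every offset but the
// last into a separate buffer, then add the last offset to get the value's address.
bool resolveChain(const FakeProcess& p, Addr base, const std::vector<Addr>& offsets, Addr& out) {
    if (offsets.empty()) return false;
    Addr addr = base;
    for (size_t i = 0; i + 1 < offsets.size(); ++i) {
        Addr next = 0;
        if (!p.readMem(addr + offsets[i], &next, sizeof next)) return false;
        addr = next;
    }
    out = addr + offsets.back();
    return true;
}

Addr resolvedAddress() {   // the sample chain resolves to 0x820
    Addr a = 0;
    return resolveChain(makeSample(), kBase, {kPlus, kOffset1, kOffset2}, a) ? a : 0;
}

// Byte order: {0x08,0x03,0x03,0x03} in memory is the DWORD 0x03030308, not 8333.
uint32_t bytesToU32LE(const std::array<uint8_t, 4>& b) {
    return uint32_t(b[0]) | uint32_t(b[1]) << 8 | uint32_t(b[2]) << 16 | uint32_t(b[3]) << 24;
}

// Correct flow: resolve, write the float's 4 bytes, read it back into its own buffer.
// Returns the value read back, or 0.0f if any step failed.
float writeThenRead(float v) {
    FakeProcess p = makeSample();
    Addr addr = 0;
    if (!resolveChain(p, kBase, {kPlus, kOffset1, kOffset2}, addr)) return 0.0f;
    if (!p.writeMem(addr, &v, sizeof v)) return 0.0f;
    float back = 0.0f;
    return p.readMem(addr, &back, sizeof back) ? back : 0.0f;
}

int main() {
    std::printf("buggy 'address' : 0x%08x (write ok: %d)\n", buggyResolve(makeSample()), buggyWriteSucceeds());
    std::printf("resolved address: 0x%08x\n", resolvedAddress());
    std::printf("bytes as DWORD  : 0x%08x\n", bytesToU32LE({0x08, 0x03, 0x03, 0x03}));
    std::printf("write/read back : %g\n", writeThenRead(8333.0f));
    return 0;
}
```

The key design point is that the pointer walk keeps two separate variables: one for the address being followed and one for the bytes read from it. With a single variable, the last read replaces the address with the value, and any write through it lands on a garbage address, which is exactly the failure the error code reported.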
Triloaded
How do I cheat?
Reputation: 0

Joined: 26 Sep 2015
Posts: 4

Posted: Sat Sep 26, 2015 4:15 pm

ulysse31 wrote:
Try this instead:
Code:
 bool write = WriteProcessMemory(pHandle, (void*)baseAddress, &bytesSend, sizeof(bytesSend), 0);


Let us know if it worked (I added a & before your buffer).
Also, can you give the big picture? From my point of view it seems like you are trying to get an address that holds a value, and this address would be a 2-level pointer. Is that right?

Just in case, this is a template I made last year to retrieve pointers:
Code:
// Assumed context not shown in the post: hProc is the opened process handle and
// bufferAddress receives the resolved address. offsetNumber is a digit character
// ('1' to '5'); sizeof(readValueX) in the original named an undeclared variable,
// so each read is now sized from the 32-bit buffer it fills.
extern HANDLE hProc;
extern DWORD bufferAddress;

void getPointedAddress(int basePointerAddress, DWORD addressConcerned, char offsetNumber, int offset0, int offset1, int offset2, int offset3, int offset4)
{
   int valuePointedBuffer(0);
   int holdValue(0);
   switch (offsetNumber)
   {// Don't need to take case 0 into account
   case '1':
      ReadProcessMemory(hProc, (LPCVOID)basePointerAddress, &valuePointedBuffer, sizeof(valuePointedBuffer), NULL);
      holdValue = valuePointedBuffer + offset0;
      break;
   case '2':
      ReadProcessMemory(hProc, (LPCVOID)basePointerAddress, &valuePointedBuffer, sizeof(valuePointedBuffer), NULL);
      holdValue = valuePointedBuffer + offset0;
      ReadProcessMemory(hProc, (LPCVOID)holdValue, &valuePointedBuffer, sizeof(valuePointedBuffer), NULL);
      holdValue = valuePointedBuffer + offset1;
      break;
   case '3':
      ReadProcessMemory(hProc, (LPCVOID)basePointerAddress, &valuePointedBuffer, sizeof(valuePointedBuffer), NULL);
      holdValue = valuePointedBuffer + offset0;
      ReadProcessMemory(hProc, (LPCVOID)holdValue, &valuePointedBuffer, sizeof(valuePointedBuffer), NULL);
      holdValue = valuePointedBuffer + offset1;
      ReadProcessMemory(hProc, (LPCVOID)holdValue, &valuePointedBuffer, sizeof(valuePointedBuffer), NULL);
      holdValue = valuePointedBuffer + offset2;
      break;
   case '4':
      ReadProcessMemory(hProc, (LPCVOID)basePointerAddress, &valuePointedBuffer, sizeof(valuePointedBuffer), NULL);
      holdValue = valuePointedBuffer + offset0;
      ReadProcessMemory(hProc, (LPCVOID)holdValue, &valuePointedBuffer, sizeof(valuePointedBuffer), NULL);
      holdValue = valuePointedBuffer + offset1;
      ReadProcessMemory(hProc, (LPCVOID)holdValue, &valuePointedBuffer, sizeof(valuePointedBuffer), NULL);
      holdValue = valuePointedBuffer + offset2;
      ReadProcessMemory(hProc, (LPCVOID)holdValue, &valuePointedBuffer, sizeof(valuePointedBuffer), NULL);
      holdValue = valuePointedBuffer + offset3;
      //cout << "the address containing your data is :" << hex << holdValue << endl;
      break;
   case '5':
      ReadProcessMemory(hProc, (LPCVOID)basePointerAddress, &valuePointedBuffer, sizeof(valuePointedBuffer), NULL);
      holdValue = valuePointedBuffer + offset0;
      ReadProcessMemory(hProc, (LPCVOID)holdValue, &valuePointedBuffer, sizeof(valuePointedBuffer), NULL);
      holdValue = valuePointedBuffer + offset1;
      ReadProcessMemory(hProc, (LPCVOID)holdValue, &valuePointedBuffer, sizeof(valuePointedBuffer), NULL);
      holdValue = valuePointedBuffer + offset2;
      ReadProcessMemory(hProc, (LPCVOID)holdValue, &valuePointedBuffer, sizeof(valuePointedBuffer), NULL);
      holdValue = valuePointedBuffer + offset3;
      ReadProcessMemory(hProc, (LPCVOID)holdValue, &valuePointedBuffer, sizeof(valuePointedBuffer), NULL);
      holdValue = valuePointedBuffer + offset4;
      break;
   }
   bufferAddress = holdValue;
}



Edit:
Ah, I've noticed I told you the exact opposite of what Zanzer did, so it's back to square 1.

Well, I can think of 2 reasons:
1. I think you are mixing up the value and the address. Let's say you get the pointer for your life in a game; you are happy because you can print your life from the pointer atm.
But whenever you read your life you update your address at the same time, because this is what you use as a read buffer, so try changing the last read line to use another buffer like this:

Code:
 ReadProcessMemory(pHandle, (void*)(baseAddress + offset2), &NewBuffer, sizeof(baseAddress), 0);


And then when you write, don't forget to re-add the offset, like this:

Code:
     bool write = WriteProcessMemory(pHandle, (void*)(baseAddress + offset2), bytesSend, sizeof(bytesSend), 0);


2. Maybe the game is rewriting its value so fast that you can't see yourself writing it, in which case just break with the debugger before you write.
Let me know if that helped,
Best of luck

That helped! Thank you a lot! I don't know how I even mixed up those values O_O I thought that it reads to the ADDRESS, but it looks like I mixed up the value and the address. Stupid me. I spent many hours trying to find a solution. Hope all the hair that I already ripped out over this problem grows back.
ulysse31
Master Cheater
Reputation: 2

Joined: 19 Mar 2015
Posts: 324
Location: Paris

Posted: Sun Sep 27, 2015 1:47 pm

Glad to see I could help
All times are GMT - 6 Hours