Need help in calculating addresses

 
Dracons
Newbie cheater
Reputation: 0

Joined: 08 Nov 2016
Posts: 16

Posted: Wed Feb 01, 2017 12:07 pm    Post subject: Need help in calculating addresses

Hello.
I've got a problem with my code in Delphi. I would like to make almost the same thing as in Cheat Engine. I mean adding addresses, offsets etc.
Let me explain it to you.

[img]zapodaj.net/images/6209652fd2dea.png[/img]

The first number is the base address that I get from the *exe file. In Cheat Engine I am getting a correct result. When I am adding the same thing in Delphi it doesn't work correctly.
That's how it looks in CE:
1) 01150000 (address of exe file) + 0033EC50 (static pointer) -> 0C640008
2) 0C640008 + 3c0 (offset) -> 0C6403C8
In Delphi it works correctly only when I have a correct result from the first equation.
So the way I have to use it in Delphi is:
read the address of the exe file in Delphi, then take that address into CE and add the static pointer to get a result (0C640008).
When I have that result I can take it into Delphi and add the offset to it, so from the second part of the calculation (0C640008+3c0) it works fine in my program.
Why do I have a problem with the first part then? Help me please.

Thanks.
atom0s
Moderator
Reputation: 198

Joined: 25 Jan 2006
Posts: 8517
Location: 127.0.0.1

Posted: Wed Feb 01, 2017 3:05 pm

Be sure that you are adding things in hex and that you are not accidentally doing something as decimal.
_________________
- Retired.
Dracons
Newbie cheater
Reputation: 0

Joined: 08 Nov 2016
Posts: 16

Posted: Wed Feb 01, 2017 6:54 pm

For example this time I get client base address 001C0000. It's not decimal I believe (or is it?). It seems like it's just getting an int after the equation.
Spinedit7.value := $001C0000 + $0033EC50 + $3c0; // --> 5238800
Dark Byte
Site Admin
Reputation: 458

Joined: 09 May 2003
Posts: 25284
Location: The netherlands

Posted: Thu Feb 02, 2017 2:51 am

http://forum.cheatengine.org/viewtopic.php?t=422516

You need to read the pointer value in memory on each step, not just add it.

_________________
Do not ask me about online cheats. I don't know any and won't help finding them.

Like my help? Join me on Patreon so I can keep helping
SunBeam
I post too much
Reputation: 65

Joined: 25 Feb 2005
Posts: 4022
Location: Romania

Posted: Thu Feb 02, 2017 4:09 am

^ True story.
Dracons
Newbie cheater
Reputation: 0

Joined: 08 Nov 2016
Posts: 16

Posted: Thu Feb 02, 2017 11:06 am

Code:
BaseAddress := (GetBasePointerOfModule(PID, 'DBL Client.exe') + $0033EC50);

Edit10.Text := IntToHex(BaseAddress, 8);              // -> 0171EC50
Edit11.Text := IntToHex($013E0000 + $0033EC50, 8);    // -> 0171EC50
// and/or

Address := Integer(GetModuleBaseAddress(ProcessID, 'DBL Client.exe')) + Integer($0033EC50);
Edit12.Text := IntToHex(Address, 8);                  // -> 0171EC50

CE shows that it should be 08B260E8. I always have the same result, different than in CE.

[img]zapodaj.net/5f1a586bf6e39.png.html[/img]
WTF is wrong with my code? xd
Dark Byte
Site Admin
Reputation: 458

Joined: 09 May 2003
Posts: 25284
Location: The netherlands

Posted: Thu Feb 02, 2017 11:23 am

Where is your ReadProcessMemory call?
SunBeam
I post too much
Reputation: 65

Joined: 25 Feb 2005
Posts: 4022
Location: Romania

Posted: Thu Feb 02, 2017 11:35 am

My impression is he is using someone else's code without understanding it. And blindly figuring it out..
Dracons
Newbie cheater
Reputation: 0

Joined: 08 Nov 2016
Posts: 16

Posted: Thu Feb 02, 2017 11:39 am

When I just want to get a proper address of the process I don't need the ReadProcessMemory function, I believe.
Edit11.Text := IntToHex($013E0000 + $0033EC50, 8); // -> 0171EC50
I just want to receive the proper address. In that case 08B260E8.
Dark Byte
Site Admin
Reputation: 458

Joined: 09 May 2003
Posts: 25284
Location: The netherlands

Posted: Thu Feb 02, 2017 11:50 am

You need to call ReadProcessMemory on address ($013E0000 + $0033EC50 =) $171EC50 and read the 4 bytes there, interpret them as an address and add the value $3c0 to THAT.

http://forum.cheatengine.org/viewtopic.php?t=422516

Dracons
Newbie cheater
Reputation: 0

Joined: 08 Nov 2016
Posts: 16

Posted: Thu Feb 02, 2017 12:17 pm

Too difficult for me. Thanks.
SunBeam
I post too much
Reputation: 65

Joined: 25 Feb 2005
Posts: 4022
Location: Romania

Posted: Thu Feb 02, 2017 12:29 pm

Dracons wrote:
Too difficult for me. Thanks.

Hahaha, what did I tell you? :) He's using someone's code to do some stuff he wants, but he's clueless as to what you're explaining here. Hope the below sends him the message: ReadProcessMemory is an API, having this setup:

Code:
BOOL WINAPI ReadProcessMemory(
  _In_  HANDLE  hProcess,
  _In_  LPCVOID lpBaseAddress,
  _Out_ LPVOID  lpBuffer,
  _In_  SIZE_T  nSize,
  _Out_ SIZE_T  *lpNumberOfBytesRead
);

Simply adapt it to your coding language (find examples online) and use it to read a pointer:

This is your code:

Code:
BaseAddress := (GetBasePointerOfModule(PID, 'DBL Client.exe') + $0033EC50);

Edit10.Text := IntToHex(BaseAddress, 8);              // -> 0171EC50
Edit11.Text := IntToHex($013E0000 + $0033EC50, 8);    // -> 0171EC50
// and/or

Address := Integer(GetModuleBaseAddress(ProcessID, 'DBL Client.exe')) + Integer($0033EC50);
Edit12.Text := IntToHex(Address, 8);                  // -> 0171EC50

Do you understand that "BaseAddress := (GetBasePointerOfModule(PID, 'DBL Client.exe') + $0033EC50);" gets you to 0171EC50? Then what you need to do is READ the content of 171EC50 -> ReadProcessMemory(PID,0171EC50,pBuffer,4,&x) = y. Then y+3C0 = your wanted address.

See the second CODE section here: https://www.unknowncheats.me/forum/1278831-post8.html.

Code:
ReadProcessMemory(GameHandle, ptr(Address), @puffer, sizeof(puffer), Bytesread);

BR,
Sun
Dracons
Newbie cheater
Reputation: 0

Joined: 08 Nov 2016
Posts: 16

Posted: Thu Feb 02, 2017 3:41 pm

Quote:
Simply adapt it to your coding language (find examples online) and use it to read a pointer:

I've seen examples... but they're reading strings/integers. I need to read double of that pointer value.

Code:
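function MemReadDouble(Address: Cardinal): Double;  // Read the 8-byte double stored at Address
var
  ProcId: Cardinal;
  tProc: THandle;
  NBR: Cardinal;   // number of bytes actually read
  value: Double;
begin
  Result := 0;
  GetWindowThreadProcessId(FindWindow('WINDOWHERE', nil), @ProcId);
  // PROCESS_VM_READ alone is enough for ReadProcessMemory
  tProc := OpenProcess(PROCESS_ALL_ACCESS, False, ProcId);
  if tProc = 0 then
    Exit;  // window not found or access denied
  // Only use the buffer if the read succeeded and returned all 8 bytes
  if ReadProcessMemory(tProc, Ptr(Address), @value, SizeOf(value), NBR) and (NBR = SizeOf(value)) then
    Result := value;
  CloseHandle(tProc);
end;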
 

But it seems like firstly I need to get address of that whole pointer.
I don't think it will work like:

round(memreaddouble($013E000 +$0033EC50+$3c0
SunBeam
I post too much
Reputation: 65

Joined: 25 Feb 2005
Posts: 4022
Location: Romania

Posted: Thu Feb 02, 2017 10:04 pm

The result of reading the content of a POINTER is a DWORD MEMORY ADDRESS. Your double value is aaaaaaaall the way at the end of the process, when you apply offset 0x3C0 to what you read with ReadProcessMemory!!

x = 13E000 + 33EC50 (look at this in CE's Memory View, what do you see there?)

Then take those 4 bytes, swap them (read them from right to left) 2 by 2 and access the content of it. Then go to 3C0 from that and you'll find your double.

e.g.:

x = 13E000 + 33EC50 = 47CC50 (this is a memory ADDRESS that works like a POINTER; meaning its VALUE is another address; a memory address having as value another address is called a POINTER)

So, in Memory View, bottom part, when you go to 47CC50, you see this:

47CC50 xx xx xx xx | xx xx xx xx | xx xx xx xx | xx xx xx xx
47CC60 .. .. .. .. | etc
47CC70 .. .. .. .. | etc

Let's say 47CC50 holds these bytes: 5C 24 87 00. Then this is an address, if you read it from right to left -> 0087245C.

In short: x = 13E000 + 33EC50 = 47CC50; [x] = [47CC50] = 87245C.

Then you apply 3C0 to 87245C -> 87245C+3C0 = 87281C. Then you read its value -> [87281C] = your double.

So:

a = ReadProcessMemory(13E000+33EC50) = ReadProcessMemory(47CC50) -> result is 0087245C, an address
b = ReadProcessMemory(a+3C0) = ReadProcessMemory(87245C+3C0) = ReadProcessMemory(87281C) -> result is your double value

You basically need the DWORD to be read, then you can convert it to whatever type you want.

BR,
Sun
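
The walk-through in the post above, as an added example that is not part of the original thread: it resolves the same pointer chain over a constructed two-region memory snapshot instead of a live process, which is also how a pointer chain is followed in a memory dump. The `read_mem` function is a stand-in for `ReadProcessMemory`, and the snapshot bytes (including the double value 100.0 at 0x87281C) are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed snapshot of a 32-bit little-endian process (addresses from the post above). */
typedef struct { uint32_t base; const uint8_t *bytes; size_t size; } region_t;

static const uint8_t PTR_BYTES[4] = {0x5C, 0x24, 0x87, 0x00};        /* stored at 0x47CC50 */
static const uint8_t DBL_BYTES[8] = {0, 0, 0, 0, 0, 0, 0x59, 0x40};  /* 100.0 at 0x87281C */
static const region_t SNAPSHOT[] = {
    {0x0047CC50u, PTR_BYTES, sizeof PTR_BYTES},
    {0x0087281Cu, DBL_BYTES, sizeof DBL_BYTES},
};

/* Stand-in for ReadProcessMemory: succeeds only if [addr, addr+n) is fully mapped. */
static int read_mem(uint32_t addr, void *out, size_t n) {
    for (size_t i = 0; i < sizeof SNAPSHOT / sizeof SNAPSHOT[0]; i++) {
        const region_t *r = &SNAPSHOT[i];
        if (addr >= r->base && n <= r->size && addr - r->base <= r->size - n) {
            memcpy(out, r->bytes + (addr - r->base), n);
            return 1;
        }
    }
    return 0;
}

/* Read the 4-byte little-endian pointer stored at addr ("read right to left"). */
static int read_ptr32(uint32_t addr, uint32_t *out) {
    uint8_t b[4];
    if (!read_mem(addr, b, sizeof b)) return 0;
    *out = (uint32_t)b[0] | (uint32_t)b[1] << 8 | (uint32_t)b[2] << 16 | (uint32_t)b[3] << 24;
    return 1;
}

/* Cheat Engine style chain: dereference first, then add the offset, once per offset. */
int resolve_chain(uint32_t addr, const uint32_t *offsets, size_t count, uint32_t *out) {
    for (size_t i = 0; i < count; i++) {
        uint32_t target;
        if (!read_ptr32(addr, &target) || target == 0) return 0; /* unmapped or NULL link */
        addr = target + offsets[i];
    }
    *out = addr;
    return 1;
}

/* Read the 8-byte double at the resolved address (assumes a little-endian IEEE-754 host). */
int read_double(uint32_t addr, double *out) {
    uint8_t b[8];
    if (!read_mem(addr, b, sizeof b)) return 0;
    memcpy(out, b, sizeof b);
    return 1;
}
```

Calling `resolve_chain(0x13E000 + 0x33EC50, offsets, 1, &addr)` with `offsets = {0x3C0}` yields 0x87281C, while reading at the plain sum 0x13E000 + 0x33EC50 + 0x3C0 fails because nothing is mapped there.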
Dracons
Newbie cheater
Reputation: 0

Joined: 08 Nov 2016
Posts: 16

Posted: Sat Feb 04, 2017 4:43 am

Thank you guys. You can close the topic and mark it as solved.

Greetings!