Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Problem with value after offsets

Post new topic   Reply to topic    Cheat Engine Forum Index -> General programming
View previous topic :: View next topic  
Author Message
How do I cheat?
Reputation: 0

Joined: 04 Jan 2011
Posts: 7

PostPosted: Mon Oct 16, 2017 7:42 pm    Post subject: Problem with value after offsets Reply with quote

Quick overview. I have been through all the forums I have managed to write this code that is getting the base module address (Copied that function and cleaned it up) and I have processed all the offsets to get the pointer address that CE shows. The final address is the same as CE shows for the actual value.

I tested this by statically typing the address in read and it gets the correct value, I then also statically type the address in the read after all the offset adding. The weird thing is I am getting a different value after all that. Can someone point me in the right direction?

To reiterate after the processing of offsets I get 26CBAD796E8 as the final address which matches CE. I thought something was wrong with that, but after statically typing it in afterwords, I realized something else is happening.

Here is my code: EDITED** Cleaned up for readability / comments and removed the awful 5 if block deep statements.


#include "stdafx.h"
#include <windows.h>
#include <iostream>
#include <psapi.h>

// Forward declarations
void Exception(const char* message);
UINT64 GetModuleBase(const HANDLE& handle);

// 64-Bit memory read
int main()
   // Set the defaults
   UINT64 offsets[] = { 0x2C8, 0x740, 0x160, 0x100, 0x28 };
   HANDLE handle = NULL;
   try {

      // Find the window
      HWND myapp= FindWindow(NULL, L"My App");
      if ( ! myapp) {
         Exception("Failed to find the window.");

      // Get the Process ID
      DWORD pid = NULL;
      GetWindowThreadProcessId(myapp, &pid);
      if ( ! pid) {
         Exception("Failed getting the process ID.");

      // Get the process handle
      handle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
      if ( ! handle) {
         Exception("Failed to get the process handle.");

      // Before reading stuff from memory
      INT64 before = 0;
      ReadProcessMemory(handle, (LPCVOID)0x28e839e26e8, &before, 4, NULL); // <--- Value is read as 1040 (which is correct)
      std::cout << "Before Reading and combining offsets: " << before << std::endl;

      // Combine the Module address and the base offset, then read the value of the combined
      UINT64 baseOffset = 0x01092710;
      UINT64 moduleAddress = GetModuleBase(handle);
      UINT64 combinedAddress = (UINT64)moduleAddress + baseOffset;
      ReadProcessMemory(handle, (LPCVOID)combinedAddress, &combinedAddress, sizeof(combinedAddress), NULL);

      // Iterate through the offsets and add them to the combinedAddress (moduleAddress + baseOffset)
      std::cout << "myapp.exe(" << std::hex << moduleAddress << ") + " << std::hex << baseOffset << " = " << std::hex << combinedAddress << std::endl;
      int offsetCount = sizeof(offsets) / sizeof(UINT64);
      for (int index = 0; index < offsetCount; index++) {
         std::cout << "[" << std::hex << combinedAddress << "+" << std::hex << offsets[index] << "] -> ";
         // Add the offset to the combinedAddress
         combinedAddress = combinedAddress + offsets[index];

         // If it isn't the last offset read the value from the combinedAddress otherwise the value of the last offset is the final address
         if ((index + 1) != offsetCount) {
            ReadProcessMemory(handle, (LPCVOID)combinedAddress, &combinedAddress, sizeof(combinedAddress), NULL);
         std::cout << std::hex << combinedAddress << std::endl;

      // Read the final address value
      INT64 value = 0;
      ReadProcessMemory(handle, (LPCVOID)0x28e839e26e8, &value, 4, NULL); // <--- Value is read as 410 (which is wrong, from the example first read at this address)
      std::cout << std::hex << combinedAddress << " = " << value << std::endl;

   catch (const std::exception& ex) {
      // Output the exception message that is thrown
      std::cout << "Exception Caught!" << ex.what() << std::endl;
   return 0;

// Helper method to throw an exception to save contant retyping std:: etc...
void Exception(const char* message)
   throw std::exception(message);

// Helper method to get the 64-Bit module address using the handle
UINT64 GetModuleBase(const HANDLE& handle)
   DWORD bytesRequired = NULL;
   if ( ! EnumProcessModules(handle, NULL, 0, &bytesRequired)) {
      Exception("Failed Enum Process Modules, 1st iteration.");
   if ( ! bytesRequired) {
      Exception("Failed to get bytesRequired.");
   LPBYTE moduleArrayBytes = (LPBYTE)LocalAlloc(LPTR, bytesRequired);
   if ( ! moduleArrayBytes) {
      Exception("Failed to get moduleArrayBytes.");
   unsigned int moduleCount;
   moduleCount = bytesRequired / sizeof(HMODULE);
   HMODULE *moduleArray = (HMODULE *)moduleArrayBytes;

   if ( ! EnumProcessModules(handle, moduleArray, bytesRequired, &bytesRequired)) {
      Exception("Failed Enum Process Modules, 2nd iteration.");
   UINT64 baseAddress = (DWORD_PTR)moduleArray[0];
   return baseAddress;

My output in console looks like this:

Before Reading and combining offsets: 1040
myapp.exe(7ff693a60000) + 1092710 = 26c945113a0
[26c945113a0+2c8] -> 26c94511650
[26c94511650+740] -> 26cbaabc000
[26cbaabc000+160] -> 26cb8f36400
[26cb8f36400+100] -> 26cbad796c0
[26cbad796c0+28] -> 26cbad796e8
26cbad796e8 = 410
Back to top
View user's profile Send private message
How do I cheat?
Reputation: 0

Joined: 04 Jan 2011
Posts: 7

PostPosted: Tue Oct 17, 2017 7:20 pm    Post subject: Found the issue Reply with quote

After doing some debugging I found out that all the std::cout I had were messing it up in the end. After commenting them all out except the last one where I am outputting the final value of the final combinedAddress I was getting the correct value that I was expecting from the beginning.

If anyone is knowledgeable to this issue, I would love an explanation to what exactly was happening. Thanks anyways.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> General programming All times are GMT - 6 Hours
Page 1 of 1

Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum

Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites