Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


EntryPoint, Base Address and Offsets. Need a little bit help

 
Syncretic
How do I cheat?
Reputation: 0

Joined: 20 Feb 2014
Posts: 8

Posted: Sat Feb 22, 2014 3:12 pm    Post subject: EntryPoint, Base Address and Offsets. Need a little bit help

I've been coding some native with Java using the JNA API. I've gotten the code to read from memory, and most recently implemented a function that should return the base address, but I am not sure it really outputs the correct address.

Snippet of the code (full function here)
Code:
public int getBaseAddress() {
    try {
        // Handle to the target process, obtained elsewhere in the program.
        Pointer hProcess = Nexus.getPointer();
        toConsole(hProcess.toString());

        // Enumerate the modules loaded in the process.
        List<Module> hModules = PsapiTools.getInstance().EnumProcessModules(hProcess);
        toConsole(hModules.toString());

        for (Module m : hModules) {
            toConsole(m.getFileName());
            // The name filter is commented out, so the method returns on the first module enumerated.
//          if (m.getFileName().contains("NexusTK.exe")) {
            System.out.println(m.getFileName() + ": 0x" + Long.toHexString(Pointer.nativeValue(m.getEntryPoint())));
            System.out.println(m.getLpBaseOfDll());
            // Prints the address in decimal, not hexadecimal.
            System.out.println(Integer.valueOf("" + Pointer.nativeValue(m.getLpBaseOfDll())));
            return Integer.valueOf("" + Pointer.nativeValue(m.getLpBaseOfDll()));
//          }
        }
    } catch (Exception e) {
        e.printStackTrace();
    }
    return -1;
}



I found a multi-level pointer, starting at
"NexusTK.exe"+0000025C
and I am not even fully sure how the Cheat Engine does its offset arithmetic, [00174000+514] -> 0017456C?

But that is a whole other issue. The offsets are 4-byte integers, I might add.

These are the outputs I get in the console
Entry Point: 0x400000
LpBaseOfDll: native@0x516c8e
Value of LpBaseOfDll: 5336206 (Just the decimal conversion of lpbaseofdll?)

My question:

Do I have the right base address of the process? And if I do, how would I go about adding the offsets from my code?


Last edited by Syncretic on Sun Feb 23, 2014 8:30 pm; edited 1 time in total
Dark Byte
Site Admin
Reputation: 457

Joined: 09 May 2003
Posts: 25252
Location: The netherlands

Posted: Sat Feb 22, 2014 4:31 pm

Your entry point seems to be switched with the base of dll.
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.

Like my help? Join me on Patreon so I can keep helping
Syncretic

Posted: Sat Feb 22, 2014 4:50 pm

Do you think I got the right address from the .exe process though? An Enumerate symbols & DLLs of CE points to 0x400000 as well. But how does that correlate with the "NexusTK.exe"+0000025C found in my pointer? And how would I add the offsets?
Dark Byte

Posted: Sun Feb 23, 2014 5:41 am

You must read the 4/8 byte value at 0040025c (this address is weird though)
Check out http://forum.cheatengine.org/viewtopic.php?t=422516

Syncretic

Posted: Sun Feb 23, 2014 3:17 pm

Thanks for the link, really informative and helped me understand the offset arithmetic. That alone deserves a donation, not to mention developing CE and most importantly taking the time to help out enthusiasts like me.

Now, you mention my address seems weird, and I agree so. When I read the value of the address, add the new offset of the first level in the pointer, I get a '???' value.

I've sent you a PM with two imgur links showing you my "Enumerate DLL" dump of the process. It shows the same as the console output of my code, how am I not getting the right address? I've also included the Pointer that I'm working off in case that helps anything.



Dark Byte

Posted: Sun Feb 23, 2014 3:57 pm

The address seems to be correct (the weird part is that that part in memory is usually not very "pointery", or does not take into account the random offset stack start).

Anyhow, based on the second image this is what happens:

It reads the 4 byte value at 0040025c (00174000)
To that value it adds 3a4 (00174000+3a4=001743a4) and reads the 4 byte value stored at the address it represents (001744b8)
To that value it adds 104 (001744b8+104=001745bc) and reads the 4 byte value stored at the address it represents (002101d0)
...

Eventually it gets to the correct address

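The pointer walk described in the post above, as an added example that is not part of the thread and not Cheat Engine's or the poster's code. It runs against a constructed in-memory map seeded with the three values quoted in the post; the names `PointerChainDemo`, `readPointer32`, `resolve` and `show`, and the final offset `0x10`, are assumptions made for illustration.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.OptionalLong;

public class PointerChainDemo {
    // Constructed stand-in for the target's memory: address -> 4-byte value stored there.
    // The three entries are the values quoted in the post above.
    static final Map<Long, Integer> MEMORY = new HashMap<>();
    static {
        MEMORY.put(0x0040025CL, 0x00174000);
        MEMORY.put(0x001743A4L, 0x001744B8);
        MEMORY.put(0x001745BCL, 0x002101D0);
    }

    // Reads a 4-byte pointer as unsigned; empty when the address is not mapped
    // (the case Cheat Engine displays as "???").
    static OptionalLong readPointer32(long address) {
        Integer raw = MEMORY.get(address);
        return raw == null ? OptionalLong.empty() : OptionalLong.of(raw & 0xFFFFFFFFL);
    }

    // Dereferences moduleBase+baseOffset, then adds each offset in turn. Every
    // intermediate sum is dereferenced; the last sum is the target address itself.
    static OptionalLong resolve(long moduleBase, long baseOffset, long... offsets) {
        OptionalLong value = readPointer32(moduleBase + baseOffset);
        for (int i = 0; i < offsets.length && value.isPresent(); i++) {
            long next = value.getAsLong() + offsets[i];
            value = (i == offsets.length - 1) ? OptionalLong.of(next) : readPointer32(next);
        }
        return value;
    }

    static String show(OptionalLong address) {
        return address.isPresent() ? String.format("0x%08X", address.getAsLong()) : "???";
    }

    public static void main(String[] args) {
        long base = 0x400000L; // module base reported in the thread
        // 0x10 is a constructed final offset; the thread elides the remaining levels.
        System.out.println(show(resolve(base, 0x25C, 0x3A4, 0x104, 0x10)));
        // A wrong offset lands on an unmapped address and the walk stops there.
        System.out.println(show(resolve(base, 0x25C, 0x514, 0x0)));
        // The same pointer value in both notations: 1523712 decimal is 174000 hex.
        System.out.println(1523712L + " = 0x" + Long.toHexString(1523712L));
    }
}
```

Addresses are kept as `long` and each 4-byte read is masked to unsigned, so a pointer value above `0x7FFFFFFF` does not turn negative or overflow an `int`.
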
Syncretic

Posted: Sun Feb 23, 2014 4:54 pm

Weird thing is when I try to read from CE manually, I got other values than described in the Pointer instructions.

Code:
Address          Type          Value
0040025c        4 Bytes      1523712
(Pointer dictates this to evaluate 00174000?)

How come I get different values?
Dark Byte

Posted: Sun Feb 23, 2014 6:06 pm

174000 hexadecimal = 1523712 decimal
Syncretic

Posted: Sun Feb 23, 2014 6:37 pm

.. shit.
Rydian
Grandmaster Cheater Supreme
Reputation: 31

Joined: 17 Sep 2012
Posts: 1358

Posted: Sun Feb 23, 2014 8:10 pm

It happens!

You can right-click a table entry and change its hex/dec and signed/unsigned display settings.

Syncretic

Posted: Mon Feb 24, 2014 12:36 pm

Thanks Rydian, helping me out a lot finding all the new addresses & values that I need.

What's now weird is how I can find the exact address that correlates to the amount of items in a stack that my character holds. When I drop one from the stack and decrease the value, the address value will follow.

I examine what accesses the Address, get exactly one opcode, pointing me to a certain ESI value. I go to CE, switch the filter to Hex and search for the address as being a value. No results.

This only happens when I examine stackable items, in which case it happens for all. How can I find the x/y coordinate addresses without problems but not the root of these types?