Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


:SOLVED: [From CE to CPP] ReadProcessMemory issues

ninjatuna
Posted: Sun Oct 11, 2015 2:19 pm

:SOLVED:

Hi folks,

I've found a static address for some incoming chat I'd like to read from a process.

I am confident this is the static address I need: ["game.exe" + 0x44E498]

Upon reading this address with a small cpp program, the value is garbage, distinct from what I see in CE.

Below are the nuts and bolts of my code:
-dwGetModuleBaseAddress is derived from research elsewhere on this forum and, upon debugging, gave the correct address
-the calculated target address matches the address in the CE
-in order to successfully run this code, it was necessary to build and run the exe as admin
-my intention is to do some analysis on incoming chat
Code:

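#include <windows.h>
#include <tchar.h>
#include <cassert>
#include <iostream>

// Module-base lookup; its definition appears in the later listing as Shaiya::dwGetModuleBaseAddress.
DWORD_PTR dwGetModuleBaseAddress(DWORD dwProcessIdentifier, TCHAR *szModuleName);

void ReadMemory(char *caption, char *modName, int offset, char *out, int size)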
{
   DWORD pid;
   SIZE_T readBytes;
   HWND hwnd;
   hwnd = FindWindow(NULL,caption);
   assert(hwnd);
   GetWindowThreadProcessId(hwnd,&pid);
   HANDLE phandle = OpenProcess(PROCESS_VM_READ,0,pid);
   assert(phandle);
   DWORD_PTR base = dwGetModuleBaseAddress(pid, "game.exe");
   assert(base);
   std::cout << "base address: " << base << std::endl << "offset: " << offset << std::endl << "target address: " << (base+offset) << std::endl;
   ReadProcessMemory(phandle,(void*)(base+offset),&out,sizeof(out),&readBytes);
   std::cout << "read: " << readBytes << " bytes" << std::endl;
}

int main()
{
   std::cout<<"test"<<std::endl;
   char data[32];
   ReadMemory("Shaiya", "game.exe", 0x44E498, data, 32);
   std::cout << data << std::endl;
   std::cin.get();
   return 1;
}


Thanks for reading my post and hopefully it's something silly (easy) I'm missing :)

EDIT1- Fixed the issue, though I'm still not 100% sure where the problem was; code included below for your perusal. (Thanks to all those who offered help.)

    Code:
    // ShaiyaApi.h
    #include <Windows.h>
    #include <iostream>
    #include <string>
    #include <assert.h>
    #include "Psapi.h"
    #include <tlhelp32.h>
    #include <exception>
    #include <tchar.h>
    #ifdef ShaiyaApiDLL_EXPORTS
    #define SHAIYA_API __declspec(dllexport)
    #else
    #define SHAIYA_API __declspec(dllimport)
    #endif
     
    namespace Shaiya
    {
            const int IncomingChatOffset = 0x44E498;
            DWORD_PTR dwGetModuleBaseAddress(DWORD dwProcessIdentifier, TCHAR *szModuleName);
            class API
            {
            public:
                    SHAIYA_API std::string GetLastChat();
                    SHAIYA_API BOOL start();
                    SHAIYA_API void stop();
            private:
                    HANDLE _h;
                    DWORD _pid;
                    DWORD _GetShaiyaBaseAddress();
                    char* _ReadAtOffset(int offset, int length);
            };
    }
    Code:
    #include "ShaiyaApi.h"

    DWORD_PTR Shaiya::dwGetModuleBaseAddress(DWORD dwProcessIdentifier, TCHAR *szModuleName)
    {
       DWORD_PTR dwModuleBaseAddress = 0;
       HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, dwProcessIdentifier); 
       if (hSnapshot != INVALID_HANDLE_VALUE)
       {
          MODULEENTRY32 ModuleEntry32;
          ModuleEntry32.dwSize = sizeof(MODULEENTRY32);
          if (Module32First(hSnapshot, &ModuleEntry32))
          {
             do
             {
                if (_tcsicmp(ModuleEntry32.szModule, szModuleName) == 0)
                {
                   dwModuleBaseAddress = (DWORD_PTR)ModuleEntry32.modBaseAddr;
                   break;
                }
             }
             while (Module32Next(hSnapshot, &ModuleEntry32));
          }
          CloseHandle(hSnapshot);
       }
       return dwModuleBaseAddress;
    }

    BOOL Shaiya::API::start()
    {
       DWORD pid;
       GetWindowThreadProcessId(FindWindow(NULL,"Shaiya"),&pid);
       this -> _pid = pid;
       this -> _h = OpenProcess(PROCESS_VM_READ,0,pid);
       return (this->_h && this->_pid);
    }

    void Shaiya::API::stop()
    {
       this -> _pid = -1;
       CloseHandle(this -> _h);
       this -> _h = NULL;
    }

    DWORD Shaiya::API::_GetShaiyaBaseAddress()
    {
       if(!this->_h)
       {
          fprintf(stderr, "not connected to shaiya process");
          return -1;
       }
       return Shaiya::dwGetModuleBaseAddress(this->_pid, "game.exe");
    }

    char* Shaiya::API::_ReadAtOffset(int offset, const int length)
    {
       char Out[128];
       SIZE_T ReadBytes;
       DWORD base = this -> _GetShaiyaBaseAddress();
       if (base==-1)
       {
          fprintf(stderr, "failed to get base of shaiya process memory");
          return "";
       }
       if(!ReadProcessMemory(this -> _h,(LPCVOID)(base+offset),&Out,length,&ReadBytes)){
          fprintf(stderr, "failed to read shaiya process memory");
          return "";
       }
       else
       {
          std::cout << base << std::endl << ReadBytes << std::endl << Out;
          return Out;
       }
    }

    std::string Shaiya::API::GetLastChat()
    {
       return (std::string)Shaiya::API::_ReadAtOffset(Shaiya::IncomingChatOffset, 128);
    }


EDIT2- Seems removing the cout in _ReadAtOffset makes the function yield garbage, but with that in place it works just fine. Does anyone have any thoughts on this?


Last edited by ninjatuna on Mon Oct 12, 2015 1:09 am; edited 2 times in total

Zanzer
Posted: Sun Oct 11, 2015 6:59 pm

When declared as a memory record in CE, is it ["game.exe"+0x44E498] or "game.exe"+0x44E498?
If the former, then you need to first read the pointer at the address you're currently reading.
Then read the 32-byte string at the returned address.

ninjatuna
Posted: Sun Oct 11, 2015 8:32 pm

Zanzer wrote:
When declared as a memory record in CE, is it ["game.exe"+0x44E498] or "game.exe"+0x44E498?
If the former, then you need to first read the pointer at the address you're currently reading.
Then read the 32-byte string at the returned address.


Hi, thanks for the response, I mean to say the value (base of the char array) is static at that address. My cheat table reads:

<ZeroTerminate>1</ZeroTerminate>
<Address>Game.exe+44E498</Address>

Zanzer
Posted: Sun Oct 11, 2015 9:52 pm

And your "std::cout" shows the correct base address, offset, and target address from CE?
Try removing the '&' from "out" when passing it to ReadProcessMemory.
Also, does sizeof(out) return the correct value of 32?

ninjatuna
Posted: Mon Oct 12, 2015 12:47 am

Thanks for the assistance folks, I've added some functional code above, do let me know if you can spot the difference since it's still puzzling me :)
:SOLVED:
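
Added example, not part of the thread and not any poster's code: a portable C++ illustration of two defects visible in the listings above, where `sizeof(out)` on a `char*` parameter gives the pointer size (and `&out` the pointer's own address), and `_ReadAtOffset` returns a pointer to its local `Out` array, which is undefined behaviour once the function has returned. `kRemote`, `ReadRemote`, `SizeSeenInCallee` and `ReadString` are hypothetical names, and `ReadRemote` is a stand-in that copies from a constructed buffer instead of calling `ReadProcessMemory`.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstring>
#include <iostream>
#include <string>

// Constructed sample: a NUL-terminated string followed by stale bytes, zero-padded to 32.
static const char kRemote[32] = "hello from chat\0stale-bytes";

// Hypothetical stand-in for ReadProcessMemory (not a Windows API): copies up to
// `size` bytes starting at `offset` and reports the count through `readBytes`.
bool ReadRemote(std::size_t offset, void *out, std::size_t size, std::size_t *readBytes) {
    *readBytes = 0;
    if (offset >= sizeof(kRemote)) return false;
    std::size_t n = std::min(size, sizeof(kRemote) - offset);
    std::memcpy(out, kRemote + offset, n);
    *readBytes = n;
    return true;
}

// First listing: inside the callee `out` is a char*, so sizeof(out) is the size of
// a pointer (4 or 8), whatever the caller's array holds, and &out is the address
// of that pointer variable rather than of the caller's buffer.
std::size_t SizeSeenInCallee(char *out) { return sizeof(out); }

// Safe shape for the second listing's _ReadAtOffset: the destination is storage
// owned by the returned object, so no pointer into a finished stack frame escapes.
std::string ReadString(std::size_t offset, std::size_t length) {
    std::string buf(length, '\0');
    std::size_t got = 0;
    if (length == 0 || !ReadRemote(offset, &buf[0], length, &got)) return std::string();
    buf.resize(got);                          // keep only the bytes actually read
    std::size_t nul = buf.find('\0');         // the source may or may not be terminated
    if (nul != std::string::npos) buf.resize(nul);
    return buf;                               // returned by value
}

int main() {
    char data[32];
    std::cout << "caller sizeof: " << sizeof(data)
              << ", callee sizeof: " << SizeSeenInCallee(data) << "\n";
    std::cout << ReadString(0, sizeof(kRemote)) << "\n";
    return 0;
}
```

A stack array that is returned by pointer can be overwritten by any later call, which is why unrelated changes such as adding or removing a `std::cout` line can alter what the caller sees.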