CE Pointer in C++

 
Filipe_Br
Master Cheater
Reputation: 3

Joined: 07 Jan 2016
Posts: 272
Location: My house

Posted: Sun Feb 05, 2017 1:42 pm    Post subject: CE Pointer in C++

If I have the following pointer:
Code:
"Tutorial-i386.exe"+1FC5D0
offset: 480

How can I get the address it is pointing to in C++?
I know how the pointers work, although I do not know how to get the module address.

_________________
...
Zanzer
I post too much
Reputation: 126

Joined: 09 Jun 2013
Posts: 3278

Posted: Sun Feb 05, 2017 2:03 pm

Well, you knew exactly what you needed.
Couldn't go the extra step and use the search?
c++ module address
Filipe_Br
Master Cheater
Reputation: 3

Joined: 07 Jan 2016
Posts: 272
Location: My house

Posted: Sun Feb 05, 2017 2:30 pm

I think it is the bad translation; I did not understand exactly what you mean.
But what I want to know is the name of a function and its parameters.
I'm sure it would be getModule ...
But there are several "GetModule ..." functions; could you tell me which would be ideal to get the address of the module contained in another process?

_________________
...
Zanzer
I post too much
Reputation: 126

Joined: 09 Jun 2013
Posts: 3278

Posted: Sun Feb 05, 2017 2:39 pm

I'll use atom0s' canned answer.
atom0s wrote:
You can find this information using:
- CreateToolhelp32Snapshot
- Process32First / Process32Next
- Module32First / Module32Next
STN
I post too much
Reputation: 42

Joined: 09 Nov 2005
Posts: 2672

Posted: Sun Feb 05, 2017 8:14 pm

Use the CreateToolhelp32Snapshot APIs; in the MODULEENTRY32 structure there will be the base address. Grab that, then add your offset to it.

If all of this seems hard, you can even search for C++ trainer templates. I had one but lost it somewhere, but someone else out there must have it. Last I searched, I found several templates with a FindWindow combination and a Toolhelp combination of APIs.

If you're still clueless, do the basics right and learn a programming language or stick to CE.

Mod edited to remove the off-topic attacks.

_________________
Cheat Requests/Tables- Fearless Cheat Engine
https://fearlessrevolution.com
Thiago
Newbie cheater
Reputation: 0

Joined: 30 Jan 2017
Posts: 18

Posted: Wed Feb 08, 2017 10:11 am

Code:
 // HS4L.cpp : Defines the entry point for the console application.
//

#include "stdafx.h"
#include <Windows.h>
#include <iostream>
#include <tlhelp32.h>
#include <cstdlib>

using namespace std;

// Returns the base address of the named module inside the given process,
// or 0 if it is not found. The DWORD return type assumes a 32-bit build
// and a 32-bit target.
DWORD GetModuleBase(const WCHAR* lpModuleName, DWORD dwProcessId)
{
   MODULEENTRY32 lpModuleEntry = { 0 };
   HANDLE hSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwProcessId);

   // CreateToolhelp32Snapshot reports failure with INVALID_HANDLE_VALUE, not NULL
   if (hSnapShot == INVALID_HANDLE_VALUE)
      return 0;
   lpModuleEntry.dwSize = sizeof(lpModuleEntry);
   BOOL bModule = Module32First(hSnapShot, &lpModuleEntry);
   while (bModule)
   {
      if (!wcscmp(lpModuleEntry.szModule, lpModuleName))
      {
         CloseHandle(hSnapShot);
         return (DWORD)lpModuleEntry.modBaseAddr;
      }
      bModule = Module32Next(hSnapShot, &lpModuleEntry);
   }
   CloseHandle(hSnapShot);
   return 0;
}


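// Returns the PID of the first process whose executable name matches,
// or 0 if no such process is running.
DWORD GetProcessID(const WCHAR* szExeName)
{
   PROCESSENTRY32 pe = { sizeof(PROCESSENTRY32) };
   HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
   if (hSnapshot == INVALID_HANDLE_VALUE)
      return 0;

   DWORD pid = 0;
   if (Process32First(hSnapshot, &pe))
   {
      do // do/while so the entry returned by Process32First is checked too
      {
         if (!wcscmp(pe.szExeFile, szExeName))
         {
            pid = pe.th32ProcessID;
            break;
         }
      } while (Process32Next(hSnapshot, &pe));
   }
   CloseHandle(hSnapshot); // the snapshot handle was leaked before
   return pid;
}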

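// Blocks until a process with the given executable name exists, then returns its PID.
int HS4LProcess(WCHAR* Process)
{
   DWORD dwProcessID = 0;
   while (dwProcessID == 0)
   {
      dwProcessID = GetProcessID(Process);
      if (dwProcessID == 0)
         Sleep(100); // not running yet: wait before polling again
   }
   return dwProcessID;
}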


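// Walks a Cheat Engine style pointer path: read the pointer, then add the next offset.
// 'offset' is the number of entries in offsets[]. Returns 0 if a read fails.
// Addresses are read as 4 bytes, so this only works against a 32-bit target.
int FindPointer(int offset, HANDLE  Process, int baseaddr, int offsets[])
{
   int Address = baseaddr;
   int total = offset;
   for (int i = 0; i < total; i++) //Loop through the offsets
   {
      if (!ReadProcessMemory(Process, (LPCVOID)Address, &Address, 4, NULL))
         return 0; // unreadable level: stop instead of following a stale value
      Address += offsets[i];
   }
   return Address;
}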

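void HS4LWriteProcessMemory(WCHAR* Process, DWORD address, int value)
{
   DWORD old;
   HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, false, HS4LProcess(Process));
   if (!hProcess)
      return; // OpenProcess failed (access denied or the process exited)
   // The address is in the other process, so the Ex variant is needed;
   // plain VirtualProtect only changes pages of the calling process.
   VirtualProtectEx(hProcess, (LPVOID)address, 4, PAGE_EXECUTE_READWRITE, &old);
   WriteProcessMemory(hProcess, (LPVOID)address, &value, sizeof(value), NULL);
   // lpflOldProtect must point to a valid variable or the call fails
   VirtualProtectEx(hProcess, (LPVOID)address, 4, old, &old);
   CloseHandle(hProcess);
}

void HS4LWriteProcessPointerOffset(WCHAR* Process, DWORD Address, int offsets[], DWORD NumerOffset, int value)
{
   DWORD old;
   DWORD Base = (DWORD)GetModuleBase(Process, HS4LProcess(Process));
   HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, false, HS4LProcess(Process));
   if (!hProcess)
      return; // OpenProcess failed (access denied or the process exited)
   int PointerOffset = FindPointer(NumerOffset, hProcess, (DWORD)Base + Address, offsets);//number of offsets, HANDLE, base address, offsets
   VirtualProtectEx(hProcess, (LPVOID)PointerOffset, 4, PAGE_EXECUTE_READWRITE, &old);
   WriteProcessMemory(hProcess, (LPVOID)PointerOffset, &value, sizeof(value), NULL);
   VirtualProtectEx(hProcess, (LPVOID)PointerOffset, 4, old, &old);
   CloseHandle(hProcess); // this function runs in a loop, so the handle must not leak
}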

int main()
{

   bool on = true;

   ShowWindow(GetConsoleWindow(), SW_HIDE);

   std::cout << "Abra o main.exe\n\n esperando...\n";
   int offsets[] = { 0x4, 0xC0, 0x158 };

   BYTE jnp[2] = { '\xEB', '\x22' };

   DWORD JNPAddr = 0x0044DD8C;
   // 0x0044DDB0

   HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, false, HS4LProcess(L"main.exe"));

   DWORD old;

   VirtualProtectEx(hProcess, (LPVOID)JNPAddr, 4, PAGE_EXECUTE_READWRITE, &old);

   WriteProcessMemory(hProcess, (LPVOID)JNPAddr, &jnp, sizeof(jnp)-1, NULL);

   // lpflOldProtect must point to a valid variable; with NULL the call fails
   VirtualProtectEx(hProcess, (LPVOID)JNPAddr, 4, old, &old);

   int i = 0;

   while (1) {

      if (GetAsyncKeyState(VK_F2) && on) {

         HS4LWriteProcessPointerOffset(L"main.exe", (DWORD)0x0041D614, offsets, 3, (long)0);

         on = !on;

      } else if (GetAsyncKeyState(VK_F2) && !on) {
            
         for (int i = 0; i < 10000; i++) {
            HS4LWriteProcessPointerOffset(L"main.exe", (DWORD)0x0041D614, offsets, 3, (long)1109377941);
         }

         on = !on;

      } else if (GetAsyncKeyState(VK_F5)) {

         break;

      }

   }
   
   //HS4LWriteProcessMemory(L"Tutorial-i386.exe", (DWORD)0x017BC138, (long)20);
   std::cout << "Hacking\n";
   system("pause");
   system("taskkill /f /im cmd.exe");
   return 0;
}


Does it help you?

_________________
I'm newbie ...
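
Added example, not part of any post in this thread: how the pointer from the first post ("Tutorial-i386.exe"+1FC5D0, offset 480) resolves once the module base is known, run against a simulated 32-bit memory map so the arithmetic and the failed-read case can be checked offline. ParseCEBase, ResolvePointer, FakeMemory and Demo are hypothetical names, and the load address 0x00400000 and the stored pointer 0x01A2B000 are constructed sample values.

```cpp
#include <cstdint>
#include <cstdlib>
#include <map>
#include <string>
#include <vector>
// Parsed form of a Cheat Engine base expression: "<module>"+<hex offset>
struct CEBase { std::string module; uint32_t rva; };

// Parses e.g. "Tutorial-i386.exe"+1FC5D0; rejects anything malformed.
bool ParseCEBase(const std::string& s, CEBase& out) {
    if (s.empty() || s[0] != '"') return false;
    std::string::size_type close = s.find('"', 1);
    if (close == std::string::npos || close == 1) return false;
    if (close + 1 >= s.size() || s[close + 1] != '+') return false;
    std::string hex = s.substr(close + 2);
    if (hex.empty() || hex.size() > 8 ||
        hex.find_first_not_of("0123456789abcdefABCDEF") != std::string::npos)
        return false;
    out.module = s.substr(1, close - 1);
    out.rva = static_cast<uint32_t>(std::strtoul(hex.c_str(), nullptr, 16));
    return true;
}

// Stand-in for a 32-bit target (assumption): readable 4-byte slots keyed by address.
typedef std::map<uint32_t, uint32_t> FakeMemory;

// Each level is "read the pointer stored at addr, then add the offset".
// The final sum is the address of the value and is not dereferenced.
bool ResolvePointer(const FakeMemory& mem, uint32_t moduleBase, uint32_t rva,
                    const std::vector<uint32_t>& offsets, uint32_t& result) {
    uint32_t addr = moduleBase + rva;
    for (uint32_t off : offsets) {
        FakeMemory::const_iterator it = mem.find(addr);
        if (it == mem.end()) return false;  // unreadable level: fail, don't guess
        addr = it->second + off;
    }
    result = addr;
    return true;
}

// Constructed sample: module loaded at 0x00400000, pointer slot holds 0x01A2B000.
uint32_t Demo() {
    CEBase base;
    uint32_t result = 0;
    FakeMemory mem = { { 0x00400000u + 0x1FC5D0u, 0x01A2B000u } };
    std::vector<uint32_t> offsets = { 0x480 };
    if (!ParseCEBase("\"Tutorial-i386.exe\"+1FC5D0", base)) return 0;
    if (!ResolvePointer(mem, 0x00400000u, base.rva, offsets, result)) return 0;
    return result;
}
```

Against a live process, each map lookup corresponds to one ReadProcessMemory call whose return value is checked, and the module base comes from MODULEENTRY32.modBaseAddr.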