Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


Process name+Address?

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> General Gamehacking
View previous topic :: View next topic  
Author Message
xtreamaj
Cheater
Reputation: 0

Joined: 28 May 2007
Posts: 34
Location: Behind you

PostPosted: Sat Aug 21, 2010 10:26 am    Post subject: Process name+Address? Reply with quote

Hello,
I've noticed some addresses appear like this while scanning some values
Process.exe+Address or something.dll+address

I did notice that for some people it would appear differently from me (the calculation after Process+address)
What does this mean, And can i put this type of address in C?
Back to top
View user's profile Send private message AIM Address Yahoo Messenger
Objectivity
How do I cheat?
Reputation: 0

Joined: 14 Aug 2010
Posts: 1

PostPosted: Sat Aug 21, 2010 11:50 am    Post subject: Reply with quote

It's not an address, its the offset.

Yes, it can be done in "C" and "CE"
Back to top
View user's profile Send private message
atom0s
Moderator
Reputation: 198

Joined: 25 Jan 2006
Posts: 8516
Location: 127.0.0.1

PostPosted: Sat Aug 21, 2010 2:50 pm    Post subject: Re: Process name+Address? This post has 1 review(s) Reply with quote

xtreamaj wrote:
Hello,
I've noticed some addresses appear like this while scanning some values
Process.exe+Address or something.dll+address

I did notice that for some people it would appear differently from me (the calculation after Process+address)
What does this mean, And can i put this type of address in C?


It is symbol+offset, not +address. And yes you can obtain the symbol addresses in C, you can use either:

- CreateToolhelp32Snapshot with Process32First/Module32First
- PSAPI using EnumProcessModules / EnumProcessModulesEx
- Or various other methods such as Nt API or manually walking the process information and so on.

_________________
- Retired.
Back to top
View user's profile Send private message Visit poster's website
xtreamaj
Cheater
Reputation: 0

Joined: 28 May 2007
Posts: 34
Location: Behind you

PostPosted: Sat Aug 21, 2010 5:33 pm    Post subject: Re: Process name+Address? Reply with quote

Wiccaan wrote:
xtreamaj wrote:
Hello,
I've noticed some addresses appear like this while scanning some values
Process.exe+Address or something.dll+address

I did notice that for some people it would appear differently from me (the calculation after Process+address)
What does this mean, And can i put this type of address in C?


It is symbol+offset, not +address. And yes you can obtain the symbol addresses in C, you can use either:

- CreateToolhelp32Snapshot with Process32First/Module32First
- PSAPI using EnumProcessModules / EnumProcessModulesEx
- Or various other methods such as Nt API or manually walking the process information and so on.

Could i please get more information on how to use it.. I have never seen that kind of instruction before
Back to top
View user's profile Send private message AIM Address Yahoo Messenger
XaLeX
Expert Cheater
Reputation: 0

Joined: 19 Aug 2008
Posts: 226

PostPosted: Sat Aug 21, 2010 5:40 pm    Post subject: Re: Process name+Address? Reply with quote

xtreamaj wrote:
Wiccaan wrote:
- CreateToolhelp32Snapshot with Process32First/Module32First
- PSAPI using EnumProcessModules / EnumProcessModulesEx
- Or various other methods such as Nt API or manually walking the process information and so on.

Could i please get more information on how to use it.. I have never seen that kind of instruction before
Those are all functions. check the MicroSoft Developer Network for info about how to use them.[/url]
Back to top
View user's profile Send private message
Grytolle
How do I cheat?
Reputation: 0

Joined: 27 Nov 2006
Posts: 6

PostPosted: Sat Aug 21, 2010 6:28 pm    Post subject: Reply with quote

So which function should the poster read up on in order to find out how to find the AllocationBase (as it seems to be called in CE's memory view) of a certain module (plus.dll, as it happens)?
_________________
Reputation: 0? No way, it should be "101" since I'm so fynny
Back to top
View user's profile Send private message
justa_dude
Grandmaster Cheater
Reputation: 23

Joined: 29 Jun 2010
Posts: 891

PostPosted: Sun Aug 22, 2010 7:38 am    Post subject: Reply with quote

Any of the options Wicca gave would work. A module's handle is equivalent to the address at which it is loaded. A Windows executable is also a module, so you can get the virtual base by requesting a handle to the executable. If you're running from an injected DLL, it's a little easier - you can simply call GetModuleHandle.

Cheers,
adude
Back to top
View user's profile Send private message
atom0s
Moderator
Reputation: 198

Joined: 25 Jan 2006
Posts: 8516
Location: 127.0.0.1

PostPosted: Mon Aug 23, 2010 10:33 am    Post subject: Re: Process name+Address? Reply with quote

xtreamaj wrote:
Could i please get more information on how to use it.. I have never seen that kind of instruction before


As XaLeX pointed out, all the information you need for each of the API I listed can be found on the MSDN. You can find tons of examples on these forums, as well as with Google if you need further assistance with understanding them.

Grytolle wrote:
So which function should the poster read up on in order to find out how to find the AllocationBase (as it seems to be called in CE's memory view) of a certain module (plus.dll, as it happens)?


The API I listed work in similar ways but only one of the methods is needed to obtain the info. It is up to you which one you pick. The game may have anti-cheat measures to block one or more of the methods above as well, so you need to check and see which works best for your situation.

For CreateToolhelp32Snapshot method, look up:
- CreateToolhelp32Snapshot
- Process32First
- Process32Next
- Module32First
- Module32Next
- CloseHandle

For EnumProcessModules method, look up:
- OpenProcess
- EnumProcessModules or EnumProcessModulesEx
- GetModuleBaseName
- GetModuleFileNameEx
- GetModuleInformation

There are other methods you can do yourself as well but for a beginner level, using API is probably your better / faster choice.

_________________
- Retired.
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> General Gamehacking All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites