Cheat Engine The Official Site of Cheat Engine
jojunior1995 How do I cheat?
Reputation: 0
Joined: 11 May 2011 Posts: 4
|
Posted: Wed May 11, 2011 8:02 pm Post subject: Getting base address of a process |
|
|
Hello guys!
I'm Brazilian and I have advanced knowledge of Delphi.
I have a question about pointers in Delphi.
I know how to read/write an address that is a multi-level pointer.
But I don't know how to find the base address in Delphi.
CE writes it like this:
"Game.exe"+XXXXXXXX
I need to find the address of "Game.exe" to make my trainers :/
Can someone help me?
Thanks!
|
Krähne Expert Cheater
Reputation: 0
Joined: 06 Jun 2010 Posts: 108 Location: Inside of my Kernel
|
jojunior1995 How do I cheat?
Reputation: 0
Joined: 11 May 2011 Posts: 4
|
Posted: Thu May 12, 2011 8:37 pm Post subject: |
|
|
Wow, thank you.
The params will not be a problem for me.
I have made a function but it hasn't worked.
I did it like this:
| Code: |
function GetProcessModuleByName(PID: Cardinal; ModuleName: String): Cardinal;
var
  Snap: THandle;
  M32: TModuleEntry32;
begin
  Snap := CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, PID);
  if (Snap = 0) then
    Exit;
  if Module32First(Snap, M32) then begin
    repeat
      if ModuleName = M32.szModule then begin
        Result := Cardinal(M32.modBaseAddr);
        Break;
      end;
    until not Module32Next(Snap, M32);
  end;
end;
|
Hehe...
Thank you man.
@EDIT
:/
It crashes on the 17th line.
On the third parameter, it looks like this:
| Code: | | Incompatible types: 'Array' and 'PAnsiChar' |
I've tried:
| Code: | | GetModuleFileNameExA(PHandle, Modules[i], @ModuleFileName, SizeOf(ModuleFileName)); |
But it doesn't return a valid value.
| Code: | | GetModuleFileNameExA(PHandle, Modules[i], PAnsiChar(ModuleFileName), SizeOf(ModuleFileName)); |
But it returns "Invalid typecast".
| Code: | | GetModuleFileNameExA(PHandle, Modules[i], PAnsiChar(ModuleFileName[i]), SizeOf(ModuleFileName)); |
But it returns an access violation.
I don't know this function, maybe that's why I can't solve it.
Thanks
|
Krähne Expert Cheater
Reputation: 0
Joined: 06 Jun 2010 Posts: 108 Location: Inside of my Kernel
|
Posted: Fri May 13, 2011 12:09 am Post subject: |
|
|
Hey dude, I modified the snippet; it now works correctly and is more compact:
| Code: |
function GetModuleBaseAddress(ProcessID: Cardinal; MName: String): Pointer;
var
  Modules    : Array of HMODULE;
  cbNeeded   : Cardinal;
  i          : Integer;
  ModuleInfo : TModuleInfo;
  ModuleName : Array[0..MAX_PATH] of Char;
  PHandle    : THandle;
begin
  Result := nil;
  SetLength(Modules, 1024);
  PHandle := OpenProcess(PROCESS_QUERY_INFORMATION or PROCESS_VM_READ, False, ProcessID);
  if (PHandle = 0) then
    Exit; //The process could not be opened
  try
    //Getting the enumeration of modules; stop if the call fails
    if not EnumProcessModules(PHandle, @Modules[0], Length(Modules) * SizeOf(HMODULE), cbNeeded) then
      Exit;
    //cbNeeded can be larger than the buffer, so only shrink the array, never grow it
    if cbNeeded div SizeOf(HMODULE) < Cardinal(Length(Modules)) then
      SetLength(Modules, cbNeeded div SizeOf(HMODULE)); //Setting the number of modules
    for i := 0 to Length(Modules) - 1 do //Start the loop
    begin
      //Getting the name of module (the size argument is in characters, not bytes)
      if GetModuleBaseName(PHandle, Modules[i], ModuleName, Length(ModuleName)) = 0 then
        Continue;
      if AnsiCompareText(MName, ModuleName) = 0 then //If the module name matches with the name of module we are looking for...
      begin
        //Get the information of module
        if GetModuleInformation(PHandle, Modules[i], @ModuleInfo, SizeOf(ModuleInfo)) then
          Result := ModuleInfo.lpBaseOfDll; //Return the information we want (The image base address)
        Exit;
      end;
    end;
  finally
    CloseHandle(PHandle); //Release the handle on every path, also when nothing matched
  end;
end;
|
PS: Don't forget to add PsAPI and SysUtils to the uses clause.
_________________
Excuse me if you don't understand what I just said, but "english" isn't my native language. |
|
jojunior1995 How do I cheat?
Reputation: 0
Joined: 11 May 2011 Posts: 4
|
Posted: Fri May 13, 2011 8:47 am Post subject: |
|
|
Thank you man!
Needs StrUtils too...
@EDIT
Man, it always returns 1400000.
It worked like my function.
PS: The module that I wanna know the BaseAddress is the Main Module, in the case of Counter Strike 1.6 Non-Steam, is hl.exe.
What am I doing wrong?
I call this function with the PID of hl.exe and modulename is 'hl.exe'.
Thanks
Last edited by jojunior1995 on Fri May 13, 2011 9:08 am; edited 1 time in total |
|
Krähne Expert Cheater
Reputation: 0
Joined: 06 Jun 2010 Posts: 108 Location: Inside of my Kernel
|
Posted: Fri May 13, 2011 9:07 am Post subject: |
|
|
| jojunior1995 wrote: | Thank you man!
Needs StrUtils too...
@EDIT
Man, it always returns 1400000.
It worked like my function.
PS: The module that I wanna know the BaseAddress is the Main Module, in the case of Counter Strike 1.6 Non-Steam, is hl.exe.
What am I doing wrong?
I call this function with the PID of hl.exe and modulename is 'hl.exe'. |
No, it doesn't need it, because the AnsiCompareText function is stored in SysUtils.pas.
So...? The image base of the module hl.exe is 01400000, just like I showed you in the attachment.
PS: I call the function like this:
| Code: | | Label3.Caption := IntToHex(Ulong(GetModuleBaseAddress(StrToInt(Edit2.Text), Edit1.Text)), 8); |
Regards;
[Attachment: Testing the snippet with another module...]
|
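Added example, not written by any poster in this thread: a module's base address is identical on every run when Windows maps the image at the preferred ImageBase stored in its PE optional header, which is the normal outcome when the file does not opt in to ASLR (DllCharacteristics bit 0x0040) and the system does not force relocation. The Python sketch below reads both fields; the header bytes are constructed for the demo with the 01400000 value quoted above and are not taken from hl.exe.

```python
import struct

DYNAMIC_BASE = 0x0040     # IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE: image opts in to ASLR
RELOCS_STRIPPED = 0x0001  # IMAGE_FILE_RELOCS_STRIPPED: image cannot be rebased at all

def pe_load_info(data: bytes) -> dict:
    """Read the preferred ImageBase and the ASLR opt-in state from PE headers."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    coff = e_lfanew + 4                      # COFF header follows the 4-byte signature
    if data[e_lfanew:coff] != b"PE\0\0" or coff + 20 > len(data):
        raise ValueError("PE signature not found")
    opt_size, file_chars = struct.unpack_from("<HH", data, coff + 16)
    opt = coff + 20                          # optional header follows the COFF header
    if opt_size < 72 or opt + opt_size > len(data):
        raise ValueError("optional header truncated")
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == 0x10B:                       # PE32: 4-byte ImageBase at offset 28
        (image_base,) = struct.unpack_from("<I", data, opt + 28)
    elif magic == 0x20B:                     # PE32+: 8-byte ImageBase at offset 24
        (image_base,) = struct.unpack_from("<Q", data, opt + 24)
    else:
        raise ValueError("unknown optional header magic")
    (dll_chars,) = struct.unpack_from("<H", data, opt + 70)
    aslr = bool(dll_chars & DYNAMIC_BASE) and not file_chars & RELOCS_STRIPPED
    return {"image_base": image_base, "aslr_opt_in": aslr}

def build_sample(image_base: int, dll_chars: int) -> bytes:
    """Constructed, minimal PE32 headers for the demo (not a real executable)."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)            # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 96, 0x0102)  # i386, 96-byte opt hdr
    opt = bytearray(96)
    struct.pack_into("<H", opt, 0, 0x10B)                          # PE32 magic
    struct.pack_into("<I", opt, 28, image_base)
    struct.pack_into("<H", opt, 70, dll_chars)
    return dos + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    for flags in (0x0000, DYNAMIC_BASE):
        info = pe_load_info(build_sample(0x01400000, flags))
        print(f"ImageBase={info['image_base']:08X} aslr_opt_in={info['aslr_opt_in']}")
```

To inspect a real binary, pass the first few kilobytes of the file to `pe_load_info`; an image that reports `aslr_opt_in=False` is one whose addresses stay predictable between runs.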
jojunior1995 How do I cheat?
Reputation: 0
Joined: 11 May 2011 Posts: 4
|
Posted: Fri May 13, 2011 1:34 pm Post subject: |
|
|
But it isn't the address that I need o.o
I look on CE and this value changes when the game is restarted...
And the function always returns 01400000 '-'
I've made a function to get the Address of Multi Level Pointer...
Works perfectly
| Code: |
function AddressOfMultiLevelPointer(Access: THandle; InitialAddress: Cardinal;
  Offsets: array of Cardinal): Cardinal;
var
  Address: Cardinal;
  Buff: Cardinal;
  Read: Cardinal;
  i: integer;
begin
  Address := InitialAddress + Offsets[High(Offsets)];
  ReadProcessMemory(Access, Pointer(Address), @Buff, SizeOf(Buff), Read);
  for i := High(Offsets) - 1 downto 1 do
  begin
    Address := Buff + Offsets[i];
    ReadProcessMemory(Access, Pointer(Address), @Buff, SizeOf(Buff), Read);
  end;
  Result := Buff + Offsets[0];
end;
|
It can be used like this:
| Code: |
var
  Address, InitialAddress, PID, Buff: Cardinal;
  Value: Cardinal;
  Access: THandle;
const
  OFFSET1: Cardinal = $00CC;
  OFFSET2: Cardinal = $05E8;
  OFFSET3: Cardinal = $00A4;
  OFFSET4: Cardinal = $05DC;
  OFFSET5: Cardinal = $03A0;
begin
  PID := GetProcessIdByName('hl.exe'); //Function created by me to get PID by name
  Access := OpenProcess(PROCESS_ALL_ACCESS, False, PID);
  //GetModuleBaseAddress returns a Pointer, so cast it before doing arithmetic
  InitialAddress := Cardinal(GetModuleBaseAddress(PID, 'hl.exe')) + $011544A0;
  Address := AddressOfMultiLevelPointer(Access, InitialAddress, [OFFSET1, OFFSET2, OFFSET3, OFFSET4, OFFSET5]);
  ReadProcessMemory(Access, Ptr(Address), @Value, SizeOf(Value), Buff);
  CloseHandle(Access); //Release the process handle when done
  Showmessage(IntToStr(Value));
end;
|
Can you pass me your MSN? To help me on the game.. I'm almost dying '-'
|
Krähne Expert Cheater
Reputation: 0
Joined: 06 Jun 2010 Posts: 108 Location: Inside of my Kernel
|
Posted: Fri May 13, 2011 2:25 pm Post subject: |
|
|
Hmmm, you still do not understand me...
MSN: [email protected] I hope we can solve it via MSN.
|
DeletedUser14087 I post too much
Reputation: 2
Joined: 21 Jun 2006 Posts: 3069
|
Posted: Fri May 13, 2011 3:25 pm Post subject: |
|
|
Use DebugActiveProcess (DBG_CONTINUE to resume threads),
ResumeThread, WaitForDebugEvent (_DEBUG_EVENT)
processcreation.lpStartAddress / lpImageBase.
P.S.: I'm a noob