Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


Application.exe+000000 (Address) - GetModuleBaseAddress

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> General programming
View previous topic :: View next topic  
Author Message
thefear
How do I cheat?
Reputation: 0

Joined: 22 Nov 2012
Posts: 4
PostPosted: Thu Nov 22, 2012 8:40 pm    Post subject: Application.exe+000000 (Address) - GetModuleBaseAddress Reply with quote
I can get some addresses with Chat Engine, but when I try to read the values ​​with ReadProcessMemory does not return the correct value, but in Cheat Engine returns the correct value.

I find that the engine returns Chat: app.exe+55FB78.

I searched a lot about it on the internet, but without success.

The only thing I found was a function that I am not able to use correctly.

Code:

function GetModuleBaseAddress(ProcessID: Cardinal; MName: String): Pointer;
var
  Modules         : Array of HMODULE;
  cbNeeded, i     : Cardinal;
  ModuleInfo      : TModuleInfo;
  ModuleName      : Array[0..MAX_PATH] of Char;
  PHandle         : THandle;
begin
  Result := nil;
  SetLength(Modules, 1024);
  PHandle := OpenProcess(PROCESS_QUERY_INFORMATION + PROCESS_VM_READ, False, ProcessID);
  if (PHandle <> 0) then
  begin
    EnumProcessModules(PHandle, @Modules[0], 1024 * SizeOf(HMODULE), cbNeeded); //Getting the enumeration of modules
    SetLength(Modules, cbNeeded div SizeOf(HMODULE)); //Setting the number of modules
    for i := 0 to Length(Modules) - 1 do //Start the loop
    begin
      GetModuleBaseName(PHandle, Modules[i], ModuleName, SizeOf(ModuleName)); //Getting the name of module
      if AnsiCompareText(MName, ModuleName) = 0 then //If the module name matches with the name of module we are looking for...
      begin
        GetModuleInformation(PHandle, Modules[i], @ModuleInfo, SizeOf(ModuleInfo)); //Get the information of module
        Result := ModuleInfo.lpBaseOfDll; //Return the information we want (The image base address)
        CloseHandle(PHandle);
        Exit;
      end;
    end;
  end;
end;


The function takes the address of the process to replace app.exe in Delphi.

Code:

ReadProcessMemory(PId, Pointer(GetModuleBaseAddress(PId, 'app.exe')), @MaxWeight, 4, buffer);


Thus works correctly without errors in Delphi, but returns no results, anyway, I'm just passing the pointer of the process and not the pointer I want to read.

It should stay that way:

Code:

ReadProcessMemory(PId, Pointer(GetModuleBaseAddress(PId, 'app.exe') + $55FB78), @MaxWeight, 4, buffer);


But it contains errors.

[DCC Error] Test.pas(105): E2015 Operator not applicable to this operand type
Back to top
View user's profile Send private message
Dark Byte
Site Admin
Reputation: 471

Joined: 09 May 2003
Posts: 25833
Location: The netherlands
PostPosted: Fri Nov 23, 2012 4:26 am    Post subject: Reply with quote
GetModuleBaseAddress returns a pointer, so that must be typecast to a dword first, then add the offset, and then convert that result back to a pointer

ReadProcessMemory(PId, Pointer(dword(GetModuleBaseAddress(PId, 'app.exe')) + $55FB78), @MaxWeight, 4, buffer);
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping
Back to top
View user's profile Send private message MSN Messenger
thefear
How do I cheat?
Reputation: 0

Joined: 22 Nov 2012
Posts: 4
PostPosted: Fri Nov 23, 2012 9:06 am    Post subject: Reply with quote
Dark Byte wrote:
GetModuleBaseAddress returns a pointer, so that must be typecast to a dword first, then add the offset, and then convert that result back to a pointer

ReadProcessMemory(PId, Pointer(dword(GetModuleBaseAddress(PId, 'app.exe')) + $55FB78), @MaxWeight, 4, buffer);


Thank you.

Now is working perfectly.

But there's a catch, I can get integer values ​​with ReadProcessMemory, when I try to get a string value, it gives an error in the program.

Code:
ReadProcessMemory(PHandle, Pointer(DWORD(GetModuleBaseAddress(PId, ProcessName))+$005626B8), @Name, 8, buffer);


The $005626B8 is a address for a string, but i can't read.
Back to top
View user's profile Send private message
Dark Byte
Site Admin
Reputation: 471

Joined: 09 May 2003
Posts: 25833
Location: The netherlands
PostPosted: Fri Nov 23, 2012 5:00 pm    Post subject: Reply with quote
Have you allocated enough memory for the destination buffer ?
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping
Back to top
View user's profile Send private message MSN Messenger
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> General programming All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites