Epanias How do I cheat?
Reputation: 0
Joined: 31 Jan 2014 Posts: 2
Posted: Fri Jan 31, 2014 10:55 am Post subject: Making a single Address of "something.dll + address"
Hello,
I'm new to this forum, so I hope that I got the right section for this question.
I'm currently writing a trainer using C#, whose code only supports a pointer address that consists of an "address only", without something.dll + address.
So for example, I want to change an address like:
"Engine.dll"+001EA9E0
To something like:
00BE34D5
without the Engine.dll link. Is there any way to calculate the address from "Engine.dll"+001EA9E0 to a single address? Cheat Engine tells me something like:
"Engine.dll"+001EA9E0 -> 040c0720
but if I try to use this address (040c0720) instead of "Engine.dll"+001EA9E0, it leads me to a totally different address or not even to an existing one, as soon as I add the offsets I use for it.
Am I just doing something wrong, or how does this work (if it is possible)?
Greetings
Epanias
mgr.inz.Player I post too much
Reputation: 222
Joined: 07 Nov 2008 Posts: 4438 Location: W kraju nad Wisla. UTC+01:00
Posted: Fri Jan 31, 2014 11:16 am
Open Memory Viewer, press CTRL+G
paste this
"Engine.dll"+001EA9E0
click OK, (do not click anything else), press again CTRL+G
You will see the same window, but this time, "modulename+offset" is converted to "Address".
"Cheat Engine tells me something like (...) it leads me to a totally different address"
What exactly are you doing?
STN I post too much
Reputation: 43
Joined: 09 Nov 2005 Posts: 2676
Posted: Fri Jan 31, 2014 11:21 am
This is called code shifting. The reason using an address without the offset leads you nowhere is that the dll loads at a different address.
When you type "Engine.dll"+001EA9E0, what CE does is find the base address of engine.dll and add the offset 001EA9E0 to it, leading you to 040c0720. In your trainer, do the same. Find the base address of the dll and then add the offset, and you should be at the correct address.
Simply using 040c0720 won't work if the dll randomly loads at a different address, which is the case almost all the time.
Read up on spookie's tutorial on codeshifting (http://deviatedhacking.com/index.php/topic/831-codeshifting-intro-techniques-solution/) and you will understand this.
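Added example, not part of the thread or any poster's code: a C# sketch of the "find the base address of the dll, then add the offset" step described in the post above, using System.Diagnostics. The class and method names are hypothetical, and the sample input is constructed from the current process's own main module so the program runs without a target.

```csharp
using System;
using System.Diagnostics;
using System.Globalization;
using System.Text.RegularExpressions;

static class ModuleRelative // hypothetical helper, not from the thread
{
    // Matches the notation used in the thread: "Engine.dll"+001EA9E0 (quotes optional).
    static readonly Regex Notation =
        new Regex(@"^\s*""?(?<mod>[^""+]+)""?\s*\+\s*(?:0x)?(?<off>[0-9A-Fa-f]+)\s*$");

    // Split the notation into module name and hex offset without touching any process.
    public static bool TryParse(string text, out string module, out long offset)
    {
        module = null; offset = 0;
        Match m = Notation.Match(text ?? "");
        if (!m.Success) return false;
        module = m.Groups["mod"].Value.Trim();
        return long.TryParse(m.Groups["off"].Value, NumberStyles.AllowHexSpecifier,
                             CultureInfo.InvariantCulture, out offset);
    }

    // Look up where the module is loaded in this run of the process and add the offset.
    public static long Resolve(Process proc, string text)
    {
        if (!TryParse(text, out string module, out long offset))
            throw new FormatException("expected \"module\"+hexoffset: " + text);
        proc.Refresh(); // discard any cached module list
        foreach (ProcessModule pm in proc.Modules)
        {
            if (!string.Equals(pm.ModuleName, module, StringComparison.OrdinalIgnoreCase))
                continue;
            if (offset < 0 || offset >= pm.ModuleMemorySize)
                throw new ArgumentOutOfRangeException(nameof(text), "offset is outside the module image");
            return pm.BaseAddress.ToInt64() + offset; // base differs per run, offset does not
        }
        throw new InvalidOperationException(module + " is not loaded in process " + proc.Id);
    }

    static void Main()
    {
        using (Process self = Process.GetCurrentProcess())
        {
            // Constructed sample: this program's own main module plus an arbitrary offset.
            string sample = "\"" + self.MainModule.ModuleName + "\"+00001000";
            Console.WriteLine("{0} -> {1:X8}", sample, Resolve(self, sample));
        }
    }
}
```

Resolve has to be called again after every start of the process, since the result is only valid for the current load address. A 32-bit caller cannot enumerate the modules of a 64-bit process, so the bitness of the two must match.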
mgr.inz.Player I post too much
Reputation: 222
Joined: 07 Nov 2008 Posts: 4438 Location: W kraju nad Wisla. UTC+01:00
Posted: Fri Jan 31, 2014 12:27 pm
Yes, some DLLs are "shifted", some aren't.
For example, cheatengine-i386.exe always loads lua5.1-32.dll at address 0x10000000, and ntdll.dll always at 0x7C900000 (WinXP).
Epanias How do I cheat?
Reputation: 0
Joined: 31 Jan 2014 Posts: 2
Posted: Sat Feb 01, 2014 5:45 am
Thanks guys, that's exactly what I was looking for. Too bad that my dlls are not just loaded at exactly the same address.
Greetings
Epanias
STN I post too much
Reputation: 43
Joined: 09 Nov 2005 Posts: 2676
Posted: Sat Feb 01, 2014 6:17 am
It's very rare that the address stays the same. In some instances on your computer the dll will load at a constant address, but on a second computer it will load at a different address. So it's always safe to assume the dll will shift and use offsets rather than hard-coded addresses.
Good to know you figured it out.