Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


Making a single Adress of "something.dll + adress"

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine
View previous topic :: View next topic  
Author Message
Epanias
How do I cheat?
Reputation: 0

Joined: 31 Jan 2014
Posts: 2

PostPosted: Fri Jan 31, 2014 10:55 am    Post subject: Making a single Adress of "something.dll + adress" Reply with quote

Hello,
I'm new to this forum, so I hope that i got the right section for this question.

I'm currently writing a trainer using c#, which's code only supports a pointer adress that exists of an "only adress" without something.dll + Adress.

So for example, I want to change an adress like:
"Engine.dll"+001EA9E0
To something like:
00BE34D5
without the Engine.dl link. Is there any way to calculate the adress from the "Engine.dll"+001EA9E0 to a single adress? Cheat Engine tells me something like:
"Engine.dll"+001EA9E0 -> 040c0720
but if I try to use this adress (040c0720) instead of the "Engine.dll"+001EA9E0 it leads me to a totally different adress or not even to one existing one, as soon as I add the offsets I use for it.
Am I just doing something wrong or how does this work (if it is possible)?

Greetings
Epanias
Back to top
View user's profile Send private message
mgr.inz.Player
I post too much
Reputation: 222

Joined: 07 Nov 2008
Posts: 4438
Location: W kraju nad Wisla. UTC+01:00

PostPosted: Fri Jan 31, 2014 11:16 am    Post subject: Reply with quote

Open Memory Viewer, press CTRL+G

paste this
"Engine.dll"+001EA9E0

click OK, (do not click anything else), press again CTRL+G

You will see the same window, but this time, "modulename+offset" is converted to "Address".



"Cheat Engine tells me something like (...) it leads me to a totally different adress "
What exactly are you doing?

_________________
Back to top
View user's profile Send private message MSN Messenger
STN
I post too much
Reputation: 43

Joined: 09 Nov 2005
Posts: 2676

PostPosted: Fri Jan 31, 2014 11:21 am    Post subject: Reply with quote

This is called code shifting. The reason using an address without the offset leads you nowhere is because the dll loads at a different address.

When you type "Engine.dll"+001EA9E0 what CE does is find the base address of engine.dll and adds the offset 001EA9E0 to leading you to 040c0720. In your trainer, do the same. Find the base address of the dll and then add the offset and you should be at the correct address.

Simply using 040c0720 won't work if the dll randomly loads at different address which is the case almost all the time.

Read up spookie's tutorial on codeshifting ( http://deviatedhacking.com/index.php/topic/831-codeshifting-intro-techniques-solution/ )and you will understand this

_________________
Cheat Requests/Tables- Fearless Cheat Engine
https://fearlessrevolution.com
Back to top
View user's profile Send private message
mgr.inz.Player
I post too much
Reputation: 222

Joined: 07 Nov 2008
Posts: 4438
Location: W kraju nad Wisla. UTC+01:00

PostPosted: Fri Jan 31, 2014 12:27 pm    Post subject: Reply with quote

Yes, some DLLs are "shifted", some doesn't.


For example, cheatengine-i386.exe always loads lua5.1-32.dll at address 0x10000000, and ntdll.dll always at 0x7C900000 (WinXP)

_________________
Back to top
View user's profile Send private message MSN Messenger
Epanias
How do I cheat?
Reputation: 0

Joined: 31 Jan 2014
Posts: 2

PostPosted: Sat Feb 01, 2014 5:45 am    Post subject: Reply with quote

Thanks guys, that's exactly what I seeked for Smile. Too bad that my dlls are not just loaded on the exactly same adress.

Greetings
Epanias
Back to top
View user's profile Send private message
STN
I post too much
Reputation: 43

Joined: 09 Nov 2005
Posts: 2676

PostPosted: Sat Feb 01, 2014 6:17 am    Post subject: Reply with quote

Its very rare that the address stays the same. In some instances on your computer the dll will load at a constant address but on a second computer it will at a different address. So its always safe to assume the dll will shift and use offsets than hard-coded address.

Good to know you figured it out Smile.

_________________
Cheat Requests/Tables- Fearless Cheat Engine
https://fearlessrevolution.com
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites