| View previous topic :: View next topic |
| Author |
Message |
neowrs
Newbie cheater
![]() Reputation: 0
Joined: 07 Oct 2015
Posts: 15
|
 Posted: Wed Oct 07, 2015 5:15 pm Post subject: c++ get part of Base Address |
 |
|
always Base Address = client.exe+address
so it's impossible to get the address without client.exe
example client.exe+EAF4 = 0126587 and i need only EAF4
|
|
| Back to top |
|
 |
aasi888
How do I cheat?
![]() Reputation: 0
Joined: 29 Jul 2009
Posts: 6
|
| Posted: Thu Oct 08, 2015 10:46 am Post subject: |
|
|
I'm stuck in same spot.
Example:
"Wow.exe"+00B91590
How I get the hex value of "Wow.exe" in c++?
What is the "Wow.exe" even called? Kinda hard to search when I don't know what it's called 
Reading from dynamic memory address is working fine though.
PS Not using DLL injects.
|
|
| Back to top |
|
|
STN
I post too much
 Reputation: 43
Joined: 09 Nov 2005
Posts: 2676
|
|
| Back to top |
|
|
neowrs
Newbie cheater
![]() Reputation: 0
Joined: 07 Oct 2015
Posts: 15
|
| Posted: Thu Oct 15, 2015 4:53 pm Post subject: |
|
|
| aasi888 wrote: | I'm stuck in same spot.
Example:
"Wow.exe"+00B91590
How I get the hex value of "Wow.exe" in c++?
What is the "Wow.exe" even called? Kinda hard to search when I don't know what it's called
Reading from dynamic memory address is working fine though.
PS Not using DLL injects. |
try
DWORD ady = 0xB91590;
HMODULE wow= GetModuleHandle(TEXT("Wow.exe"));
ady = (DWORD)wow+ady;
| STN wrote: | Read this
This way you will get "hex" value of wow.exe or client.exe or whatever you prefer. |
i don't need to the hex i need to remove the hex of the address
|
|
| Back to top |
|
|
atom0s
Moderator
 Reputation: 205
Joined: 25 Jan 2006
Posts: 8587
Location: 127.0.0.1
|
| Posted: Sat Oct 17, 2015 7:42 pm Post subject: |
|
|
GetModuleHandle does not work like that unless you are injected into the process.
_________________
- Retired. |
|
| Back to top |
|
|
aasi888
How do I cheat?
![]() Reputation: 0
Joined: 29 Jul 2009
Posts: 6
|
| Posted: Sun Oct 18, 2015 9:04 am Post subject: |
|
|
I tried searching for several pages and found a function that seems to get the modulebase address. However I'm not able to calculate correct starting address with module base + static adress. Is the problem in the module base function or am I calculating it wrong?
The Start_address (see picture) should be "0EAEEE10", but my code gets it wrong: "1d91590".
"Wow.exe"+00B91590 -> 0EAEEE10
"ModuleBase"+static_BaseAddress -> Start_address
See picture for clarification.
Full prints that my code gives:
| Code: | exe_name: Wow.exe
Process_ID: 5248
ModuleBase: 1200000
Start_address: 1d91590 |
Here is the full code. It will print all the relevant things to your screen as long as you have correctly entered the SETTINGS.
| Code: |
#include <windows.h>
#include <TlHelp32.h>
#include <iostream>
//SETTINGS -----------------
LPCSTR window_name = "World of Warcraft"; //<- MAKE SURE it matches the window name
LPSTR exe_name = "Wow.exe";
DWORD Process_ID=0; //User defined pid. Leave as "0" to automaticly find it.
//END OF SETTINGS -----------------
DWORD GetModuleBase(LPSTR lpModuleName, DWORD procId)
{
MODULEENTRY32 lpModuleEntry = {0};
HANDLE hSnapShot = CreateToolhelp32Snapshot( TH32CS_SNAPMODULE, procId );
if(!hSnapShot)
return NULL;
lpModuleEntry.dwSize = sizeof(lpModuleEntry);
BOOL bModule = Module32First( hSnapShot, &lpModuleEntry );
while(bModule)
{
if(!strcmp( lpModuleEntry.szModule, lpModuleName ) )
{
CloseHandle( hSnapShot );
return (DWORD)lpModuleEntry.modBaseAddr;
}
bModule = Module32Next( hSnapShot, &lpModuleEntry );
}
CloseHandle( hSnapShot );
return NULL;
}
int main()
{
system("cls");
//Get process id
if (Process_ID==0) //If user left "Process_ID" as "0" then we need to find it
{
HWND hGameWindow = FindWindow(NULL,window_name);
GetWindowThreadProcessId( hGameWindow, &Process_ID );
}
//Search module base
DWORD ModuleBase = GetModuleBase(exe_name,Process_ID); //exe name, Process ID
DWORD static_BaseAddress = {0x00B91590};
DWORD Start_address = ModuleBase + static_BaseAddress;
//Prints for debugging
std::cout << "exe_name: " << std::hex << exe_name << std::endl;
std::cout << "Process_ID: " << std::dec << Process_ID << std::endl;
std::cout << "ModuleBase: " <<std::hex << ModuleBase << std::endl;
std::cout << "Start_address: " <<std::hex << Start_address << std::endl;
std::cout << std::endl;
system("PAUSE");
return(0);
} |
In short: Is te problem in my calculation or in the function? How do I fix this?
| Description: |
|
| Filesize: |
15.92 KB |
| Viewed: |
15412 Time(s) |
|
|
|
| Back to top |
|
|
Dark Byte
Site Admin
 Reputation: 470
Joined: 09 May 2003
Posts: 25796
Location: The netherlands
|
| Posted: Sun Oct 18, 2015 9:38 am Post subject: |
|
|
the pointerscreen misses one calculation displayed due to screen size limitation, but this is what it would show (in reverse)
assuming wow.exe is at 00400000
| Code: |
[00400000+00b91590]=[00f91590] - [00f91590]->0e91d2d0
[0e91d2d0+710]=[0E91D9E0] - [0E91D9E0] ->1d764c50
[1d764c50+1c]=[1d764c6c] - [1d764c6c] -> 2c04c934
[2c04c934+a4]=[2C04C9D8] [2C04C9D8]-> 20560db8
[20560db8+1a8]=[20560F60] [20560F60]->215fe07c
215fe07c+1f8=215FE274
|
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
aasi888
How do I cheat?
![]() Reputation: 0
Joined: 29 Jul 2009
Posts: 6
|
| Posted: Sun Oct 25, 2015 2:47 pm Post subject: |
|
|
Thanks alot!
I didn't realize that I had to use readprocessmemory after adding the first two:
"ModuleBase"+static_BaseAddress
Now It's working. Thanks!
|
|
| Back to top |
|
|
hey
How do I cheat?
![]() Reputation: 0
Joined: 04 Nov 2015
Posts: 4
|
| Posted: Wed Nov 04, 2015 12:08 pm Post subject: |
|
|
| With this code I get for ModuleBase 0. Code find PID and displays it correctly, but ModuleBase is 0.
|
|
| Back to top |
|
|
aasi888
How do I cheat?
![]() Reputation: 0
Joined: 29 Jul 2009
Posts: 6
|
| Posted: Sat Nov 07, 2015 10:33 am Post subject: |
|
|
| hey wrote: | | With this code I get for ModuleBase 0. Code find PID and displays it correctly, but ModuleBase is 0. |
Its 32bit program? Cause mine is 32bit.
Did you change the window name and exe name to match? I think they are case sensitive:
| Code: | LPCSTR window_name = "Untitled - Notepad"; //<- MAKE SURE it matches the window name
LPSTR exe_name = "notepad.exe"; |
PS I haven't tested this with notepad myself, but instead with another program.
|
|
| Back to top |
|
|
hey
How do I cheat?
![]() Reputation: 0
Joined: 04 Nov 2015
Posts: 4
|
| Posted: Wed Nov 11, 2015 2:39 am Post subject: |
|
|
I am using 64 bit windows, can that be a problem?
EDIT:
Can you update your code with Dark Byte's suggestion?
| Description: |
|
| Filesize: |
54.97 KB |
| Viewed: |
14776 Time(s) |
|
|
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
