itsoqrappy Advanced Cheater
Reputation: 0
Joined: 24 Mar 2016 Posts: 67
|
Posted: Fri Mar 25, 2016 11:54 am Post subject: [C++] Get current dynamic address |
|
|
I'm trying to get the dynamic-current address and set it to 0 in C++. I have a fifth-level (5° level) pointer, so I have 5 offsets. This is the code:
PlayerCanReload equals 0x07DBFFE4 and the DLL is injected in the game. I'm not sure where I'm wrong, so I'm asking you for a solution, as I don't get any effect from the hack when I'm in the game.
Thanks in advance.
Last edited by itsoqrappy on Wed Apr 27, 2016 12:11 pm; edited 1 time in total |
ParkourPenguin I post too much
Reputation: 152
Joined: 06 Jul 2014 Posts: 4709
|
Posted: Fri Mar 25, 2016 12:17 pm Post subject: |
|
|
I'm pretty sure that's not how ReadProcessMemory is supposed to work. ReadProcessMemory returns a nonzero value if it succeeds and 0 if it fails, so assigning the return value like you're doing is insignificant. The third parameter is supposed to be where you store the result of the read.
See the documentation for more details:
https://msdn.microsoft.com/en-us/library/windows/desktop/ms680553(v=vs.85).aspx
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
itsoqrappy Advanced Cheater
Reputation: 0
Joined: 24 Mar 2016 Posts: 67
|
Posted: Fri Mar 25, 2016 12:26 pm Post subject: |
|
|
| ParkourPenguin wrote: | I'm pretty sure that's not how ReadProcessMemory is supposed to work. ReadProcessMemory returns a nonzero value if it succeeds and 0 if it fails, so assigning the return value like you're doing is insignificant. The third parameter is supposed to be where you store the result of the read.
|
Alright, what do you suggest I do to get a solution?
Should it be like this?
DWORD thesecond = ReadProcessMemory(BaseAddress, (void*)thefirst, &thesecond, sizeof(thefirst), &numbytesread) + 0x3cc;
ParkourPenguin I post too much
Reputation: 152
Joined: 06 Jul 2014 Posts: 4709
|
Posted: Fri Mar 25, 2016 12:44 pm Post subject: |
|
|
As I said before, the return value of that function isn't relevant to you. Add the offset to the dword after the call (or in the next call).
Also, make sure the end result is the address of the value and not the value itself.
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
itsoqrappy Advanced Cheater
Reputation: 0
Joined: 24 Mar 2016 Posts: 67
|
Posted: Fri Mar 25, 2016 1:06 pm Post subject: |
|
|
| ParkourPenguin wrote: | As I said before, the return value of that function isn't relevant to you. Add the offset to the dword after the call (or in the next call).
Also, make sure the end result is the address of the value and not the value itself. |
Do you mean something like this?
Last edited by itsoqrappy on Wed Apr 27, 2016 12:11 pm; edited 2 times in total |
ParkourPenguin I post too much
Reputation: 152
Joined: 06 Jul 2014 Posts: 4709
|
Posted: Fri Mar 25, 2016 1:24 pm Post subject: |
|
|
Yes. Just make sure that last ReadProcessMemory is needed. Otherwise, "result" will be the value of the address you want instead of the address itself (this would probably cause a segfault). Right now that's a level 6 pointer with the final offset being 0.
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
itsoqrappy Advanced Cheater
Reputation: 0
Joined: 24 Mar 2016 Posts: 67
|
Posted: Fri Mar 25, 2016 1:29 pm Post subject: |
|
|
tnx for your reply, but
| ParkourPenguin wrote: | | make sure that last ReadProcessMemory is needed. |
which one? could you do an example?
| Quote: | | Otherwise, "result" will be the value of the address you want instead of the address itself (this would probably cause a segfault). Right now that's a level 6 pointer with the final offset being 0. |
In fact, this "hack" still doesn't work.
ParkourPenguin I post too much
Reputation: 152
Joined: 06 Jul 2014 Posts: 4709
|
Posted: Fri Mar 25, 2016 1:36 pm Post subject: |
|
|
Your last call to ReadProcessMemory:
| Code: | | ReadProcessMemory(BaseAddress, (void*)thefifth, &result, sizeof(thefifth), &numbytesread); |
You said this pointer is supposed to be a level 5 pointer. If you have that line in there, that makes this a level 6 pointer. Try removing that line of code and replace (void*)result with (void*)thefifth in your call to WriteProcessMemory.
If it still doesn't work, open up CE, click on "Add Address Manually", put in all the pointer information, and post an image of that box showing the pointer path and everything.
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
itsoqrappy Advanced Cheater
Reputation: 0
Joined: 24 Mar 2016 Posts: 67
|
Posted: Fri Mar 25, 2016 2:00 pm Post subject: |
|
|
still nothing
Last edited by itsoqrappy on Fri Mar 25, 2016 4:25 pm; edited 2 times in total |
ParkourPenguin I post too much
Reputation: 152
Joined: 06 Jul 2014 Posts: 4709
|
Posted: Fri Mar 25, 2016 3:18 pm Post subject: |
|
|
You're mixing up the second and fourth offsets.
The second offset is 0x2cc and the fourth is 0x27c in CE. It's backwards in your code.
Also, I noticed that the first argument to both functions should be a handle to the current process. If you're injecting this as a .dll, you could probably use GetCurrentProcess; otherwise, OpenProcess should work.
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
itsoqrappy Advanced Cheater
Reputation: 0
Joined: 24 Mar 2016 Posts: 67
|
Posted: Fri Mar 25, 2016 3:55 pm Post subject: |
|
|
| ParkourPenguin wrote: | You're mixing up the second and fourth offsets.
The second offset is 0x2cc and the fourth is 0x27c in CE. It's backwards in your code.
Also, I noticed that the first argument to both functions should be a handle to the current process. If you're injecting this as a .dll, you could probably use GetCurrentProcess; otherwise, OpenProcess should work. |
ok, offsets now are fixed.
any suggestion to fix?
tnx
Last edited by itsoqrappy on Fri Mar 25, 2016 4:25 pm; edited 3 times in total |
ParkourPenguin I post too much
Reputation: 152
Joined: 06 Jul 2014 Posts: 4709
|
Posted: Fri Mar 25, 2016 4:08 pm Post subject: |
|
|
Oh. Right. The base address of a module is pretty important.
Just google "C++ get module base address" or something similar. In case you haven't noticed, C++ isn't my forte; it's been too long since I programmed in it and I never even got that far into it. There are many other people who can explain it easier and faster than I can.
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
atom0s Moderator
Reputation: 205
Joined: 25 Jan 2006 Posts: 8587 Location: 127.0.0.1
|
Posted: Fri Mar 25, 2016 4:33 pm Post subject: |
|
|
| Quote: | DWORD *BaseAddress = (DWORD*)GetModuleHandle(NULL);
DWORD *address = (DWORD*)((DWORD*)BaseAddress + PlayerCanReload); |
You shouldn't be using the module handle like this. Since you are injected you shouldn't be using ReadProcessMemory/WriteProcessMemory either. There is no point to the extra overhead since you have direct memory access when injected.
First and foremost, don't cast the module base to a pointer type.
The following will suffice:
| Code: | | auto baseAddress = (DWORD)::GetModuleHandle(nullptr); |
Then you can just use casting to step the pointer:
| Code: | // Obtain the base address..
auto baseAddress = (DWORD)::GetModuleHandle(nullptr);
// Read the first pointer..
auto address = *(DWORD*)(baseAddress + PlayerCanReload);
// Read the following pointers.. (Not sure how you want these setup since your main post is completely wrong..)
auto thefirst = *(DWORD*)(address + 0x00); // Adjust with your needed offset..
auto thesecond = *(DWORD*)(thefirst + 0x00); // Adjust with your needed offset..
auto thethird = *(DWORD*)(thesecond + 0x00); // Adjust with your needed offset.
// and so on until you get what you need..
// then with the last address you can write via:
*(DWORD*)(thethird + 0x00) = 1234; |
Adjust as needed for the number of offsets to step into. You should also do pointer checks for null pointers so you don't have invalid reads/writes that will crash. Also, writing to the address may crash due to permission issues. You will need to use VirtualProtect on the final address to gain access to write to it.
You should read into the API more since it is pretty clear you don't know how to use them properly. Perhaps you are jumping into things a bit too quickly and should probably slow down and learn some more basics of C++ first.
_________________
- Retired. |
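Added example (not part of atom0s's post or the thread): the pointer walk described above with the null checks it recommends, written as portable C++ over a constructed in-process object chain. The struct names, their layout and the `resolve_chain` helper are hypothetical; the final offset is added rather than dereferenced, so the result is the address of the value and not the value itself.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

// Constructed stand-ins for the target's objects; names and layout are hypothetical.
struct Weapon { char pad[0x10]; std::uint32_t can_reload; };
struct Player { char pad[0x20]; Weapon* weapon; };
struct World  { char pad[0x08]; Player* player; };

// Read one pointer-sized value from an address in our own address space.
static std::uintptr_t read_ptr(std::uintptr_t addr) {
    std::uintptr_t v;
    std::memcpy(&v, reinterpret_cast<const void*>(addr), sizeof v);
    return v;
}

// Resolve a multi-level pointer: read the static slot, dereference at every
// offset except the last, and only ADD the last offset. On success `out`
// holds the address of the value; returns false if any link is null.
bool resolve_chain(std::uintptr_t static_slot,
                   const std::vector<std::size_t>& offsets, std::uintptr_t& out) {
    if (static_slot == 0 || offsets.empty()) return false;
    std::uintptr_t cur = read_ptr(static_slot);
    for (std::size_t i = 0; i + 1 < offsets.size(); ++i) {
        if (cur == 0) return false;          // null link: stop before reading
        cur = read_ptr(cur + offsets[i]);
    }
    if (cur == 0) return false;              // last object missing
    out = cur + offsets.back();              // final offset: no extra read
    return true;
}

// Builds the constructed chain, optionally with a broken link, and writes 0
// through the resolved address. Returns true only if the write happened.
bool demo(bool break_link) {
    Weapon weapon{}; weapon.can_reload = 1;
    Player player{}; player.weapon = break_link ? nullptr : &weapon;
    World world{};   world.player = &player;
    World* slot = &world;  // plays the role of "module base + static offset"
    std::uintptr_t addr = 0;
    if (!resolve_chain(reinterpret_cast<std::uintptr_t>(&slot),
            {offsetof(World, player), offsetof(Player, weapon),
             offsetof(Weapon, can_reload)}, addr))
        return false;
    std::uint32_t zero = 0;
    std::memcpy(reinterpret_cast<void*>(addr), &zero, sizeof zero);
    return weapon.can_reload == 0;
}
```

With three offsets the helper performs three reads (the static slot plus two links); adding a fourth read on the result is the "level 6 pointer" mistake discussed earlier in the thread.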
itsoqrappy Advanced Cheater
Reputation: 0
Joined: 24 Mar 2016 Posts: 67
|
Posted: Fri Mar 25, 2016 6:09 pm Post subject: |
|
|
| atom0s wrote: | | Quote: | DWORD *BaseAddress = (DWORD*)GetModuleHandle(NULL);
DWORD *address = (DWORD*)((DWORD*)BaseAddress + PlayerCanReload); |
You shouldn't be using the module handle like this. Since you are injected you shouldn't be using ReadProcessMemory/WriteProcessMemory either. There is no point to the extra overhead since you have direct memory access when injected.
First and foremost, don't cast the module base to a pointer type.
The following will suffice:
| Code: | | auto baseAddress = (DWORD)::GetModuleHandle(nullptr); |
Then you can just use casting to step the pointer:
| Code: | // Obtain the base address..
auto baseAddress = (DWORD)::GetModuleHandle(nullptr);
// Read the first pointer..
auto address = *(DWORD*)(baseAddress + PlayerCanReload);
// Read the following pointers.. (Not sure how you want these setup since your main post is completely wrong..)
auto thefirst = *(DWORD*)(address + 0x00); // Adjust with your needed offset..
auto thesecond = *(DWORD*)(thefirst + 0x00); // Adjust with your needed offset..
auto thethird = *(DWORD*)(thesecond + 0x00); // Adjust with your needed offset.
// and so on until you get what you need..
// then with the last address you can write via:
*(DWORD*)(thethird + 0x00) = 1234; |
Adjust as needed for the number of offsets to step into. You should also do pointer checks for null pointers so you don't have invalid reads/writes that will crash. Also, writing to the address may crash due to permission issues. You will need to use VirtualProtect on the final address to gain access to write to it.
You should read into the API more since it is pretty clear you don't know how to use them properly. Perhaps you are jumping into things a bit too quickly and should probably slow down and learn some more basics of C++ first. |
What do you mean by checking for null pointers?
Thanks in advance.
Last edited by itsoqrappy on Wed Apr 27, 2016 12:12 pm; edited 1 time in total |
atom0s Moderator
Reputation: 205
Joined: 25 Jan 2006 Posts: 8587 Location: 127.0.0.1
|
Posted: Sat Mar 26, 2016 12:27 am Post subject: |
|
|
Unless you post your full code there isn't much we can do to really determine what the problem is. You're probably still doing something incorrect.
_________________
- Retired. |