| View previous topic :: View next topic |
| Author |
Message |
itsoqrappy
Advanced Cheater
![]() Reputation: 0
Joined: 24 Mar 2016
Posts: 67
|
 Posted: Wed Apr 20, 2016 8:10 am Post subject: C++ and multilevel pointers |
 |
|
I'm making a dll to be injected to a game (in my case Solitaire for example) ... I have this code:
| Quote: |
auto baseAddress = (DWORD)::GetModuleHandle(nullptr);
auto address = *(DWORD*)(baseAddress + ADDYBASE); |
but it crashes, even if i tried everything, nothing stops crashing the game.
The pointer/offsets is/are correct, dunno if casting is not correct and if i'm using VirtualProtect properly.
@ParkourPenguin
Last edited by itsoqrappy on Wed Apr 27, 2016 12:07 pm; edited 1 time in total |
|
| Back to top |
|
 |
ParkourPenguin
I post too much
 Reputation: 152
Joined: 06 Jul 2014
Posts: 4711
|
| Posted: Wed Apr 20, 2016 9:32 am Post subject: |
|
|
Do this first.
What's with those two colons between (DWORD) and GetModuleHandle?
Are you sure you should be dereferencing that last pointer? Right now that's a level 6 pointer with the last offset being 0.
You should've posted this in the general programming forum.
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
|
| Back to top |
|
|
itsoqrappy
Advanced Cheater
![]() Reputation: 0
Joined: 24 Mar 2016
Posts: 67
|
| Posted: Wed Apr 20, 2016 1:05 pm Post subject: |
|
|
| ParkourPenguin wrote: | Do this first.
What's with those two colons between (DWORD) and GetModuleHandle?
Are you sure you should be dereferencing that last pointer? Right now that's a level 6 pointer with the last offset being 0.
You should've posted this in the general programming forum. |
| Quote: | | Are you sure you should be dereferencing that last pointer? Right now that's a level 6 pointer with the last offset being 0. |
Any explanation?
| Quote: |
What's with those two colons between (DWORD) and GetModuleHandle? |
Which one?
thanks in advance 
Last edited by itsoqrappy on Wed Apr 27, 2016 12:07 pm; edited 1 time in total |
|
| Back to top |
|
|
ParkourPenguin
I post too much
Reputation: 152
Joined: 06 Jul 2014
Posts: 4711
|
| Posted: Wed Apr 20, 2016 2:14 pm Post subject: |
|
|
Adding that line of code only changed your second to last offset from 0x790 to 0, assuming you're writing to theresult the same way you did with thefifth.
That was my explanation. Try learning how to use pointers in C++ before you start messing with them (tutorial).
There's only one place where there are two sequential colons ("::") in the code you posted, so I'll assume you didn't intend to ask that second question in that manner.
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
|
| Back to top |
|
|
itsoqrappy
Advanced Cheater
![]() Reputation: 0
Joined: 24 Mar 2016
Posts: 67
|
| Posted: Wed Apr 20, 2016 4:31 pm Post subject: |
|
|
| ParkourPenguin wrote: | Adding that line of code only changed your second to last offset from 0x790 to 0, assuming you're writing to theresult the same way you did with thefifth.
That was my explanation. Try learning how to use pointers in C++ before you start messing with them (tutorial).
There's only one place where there are two sequential colons ("::") in the code you posted, so I'll assume you didn't intend to ask that second question in that manner. |
In the virtualprotect function shouldn't I use an &?
|
|
| Back to top |
|
|
hhhuut
Grandmaster Cheater
 Reputation: 6
Joined: 08 Feb 2015
Posts: 607
|
| Posted: Thu Apr 21, 2016 2:11 am Post subject: |
|
|
Why do you even want to call VirtualProtectEx?
For following a pointer-path that wouldn't be necessary ...
|
|
| Back to top |
|
|
itsoqrappy
Advanced Cheater
![]() Reputation: 0
Joined: 24 Mar 2016
Posts: 67
|
| Posted: Thu Apr 21, 2016 10:03 am Post subject: |
|
|
| hhhuut wrote: | Why do you even want to call VirtualProtectEx?
For following a pointer-path that wouldn't be necessary ... |
I have some doubt in what you are saying. I'm always writing to some internal pointers of the memory.
| ParkourPenguin wrote: | | There's only one place where there are two sequential colons ("::") in the code you posted, so I'll assume you didn't intend to ask that second question in that manner. |
I fixed the code as it was previously, btw tried everything, doesn't work... Also tried searching on internet, nothing .. (I've readed about pointers btw)  ... I think and I ask you (probably) this is wrong?:
| Quote: | | auto baseAddress = (DWORD)::GetModuleHandle(nullptr); |
..?
|
|
| Back to top |
|
|
ParkourPenguin
I post too much
Reputation: 152
Joined: 06 Jul 2014
Posts: 4711
|
| Posted: Thu Apr 21, 2016 10:22 am Post subject: |
|
|
Look, just take a screenshot of the pointer path in CE. Get it in your address list, double click on the "Address" field, and post a picture of that here. I'm almost certain your pointer path is the problem.
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
|
| Back to top |
|
|
itsoqrappy
Advanced Cheater
![]() Reputation: 0
Joined: 24 Mar 2016
Posts: 67
|
| Posted: Fri Apr 22, 2016 9:56 am Post subject: |
|
|
| ParkourPenguin wrote: | | Look, just take a screenshot of the pointer path in CE. Get it in your address list, double click on the "Address" field, and post a picture of that here. I'm almost certain your pointer path is the problem. |
code:
| Quote: | auto baseAddress = (DWORD)::GetModuleHandle(nullptr);
auto address = *(DWORD*)(baseAddress + ADDYBASE);
DWORD a; |
screen:
| Description: |
|
| Filesize: |
67.23 KB |
| Viewed: |
8989 Time(s) |
|
Last edited by itsoqrappy on Wed Apr 27, 2016 12:08 pm; edited 1 time in total |
|
| Back to top |
|
|
ParkourPenguin
I post too much
Reputation: 152
Joined: 06 Jul 2014
Posts: 4711
|
| Posted: Fri Apr 22, 2016 10:30 am Post subject: |
|
|
Yup, it's as I thought in my first post.
| ParkourPenguin wrote: | | Are you sure you should be dereferencing that last pointer? Right now that's a level 6 pointer with the last offset being 0. |
If you know how to use pointers in C++, then you should know that an asterisk (*) is the dereference operator- it dereferences an address.
So, let's go through this one line at a time using that image as an example:
| Code: | auto baseAddress = (DWORD)::GetModuleHandle(nullptr); // baseAddress = address of Solitaire.exe
auto address = *(DWORD*)(baseAddress + ADDYBASE); // address = ["Solitaire.exe" + BB0E8] = 0042CB30
auto thefirst = *(DWORD*)(address + 0x10); // thefirst = [0042CB30 + 10] = 05D6A2B0
auto thesecond = *(DWORD*)(thefirst + 0x248); // thesecond = [05D6A2B0 + 248] = 05D3A0D0
auto thethird = *(DWORD*)(thesecond + 0x20); // thethird = [05D3A0D0 + 20] = 05D26F10
auto thefourth = *(DWORD*)(thethird + 0x790); // thefourth = [05D26F10 + 790] = 00429F70
auto thefifth = *(DWORD*)(thefourth + 0x7dc); // thefifth = [0042A74C + 7dc] = 272 (decimal)
// protection...
*(DWORD*)(thefifth) = 0; // 272 is an invalid address. Attempting to dereference it triggers a segfault and crashes the process.
// protection... |
PS: the only time when you need to use VirtualProtect is when the page you're accessing doesn't have the right protection on it. Assuming the game is writing to the address, it probably has at least PAGE_READWRITE on it which already allows you to write to it. Browse the memory region of the end address and look at the top of the hex view to see the protection on it.
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
|
| Back to top |
|
|
Cake-san
Grandmaster Cheater
 Reputation: 8
Joined: 18 Dec 2014
Posts: 541
Location: Semenanjung
|
| Posted: Fri Apr 22, 2016 10:49 am Post subject: |
|
|
#Solitaire v6.1 (Build 7601:Service Pack 1)
#64 bits
time address: [[solitaire.exe+BAFA8]+50]+c
score address: [[solitaire.exe+BAFA8]+50]+14
aob for instruction that accessed the base address: 48 8B 1D * * * * 48 8B BB
_________________
... |
|
| Back to top |
|
|
itsoqrappy
Advanced Cheater
![]() Reputation: 0
Joined: 24 Mar 2016
Posts: 67
|
| Posted: Fri Apr 22, 2016 11:18 am Post subject: |
|
|
| ParkourPenguin wrote: | Yup, it's as I thought in my first post.
| ParkourPenguin wrote: | | Are you sure you should be dereferencing that last pointer? Right now that's a level 6 pointer with the last offset being 0. |
If you know how to use pointers in C++, then you should know that an asterisk (*) is the dereference operator- it dereferences an address.
So, let's go through this one line at a time using that image as an example:
| Code: | auto baseAddress = (DWORD)::GetModuleHandle(nullptr); // baseAddress = address of Solitaire.exe
auto address = *(DWORD*)(baseAddress + ADDYBASE); // address = ["Solitaire.exe" + BB0E8] = 0042CB30
auto thefirst = *(DWORD*)(address + 0x10); // thefirst = [0042CB30 + 10] = 05D6A2B0
auto thesecond = *(DWORD*)(thefirst + 0x248); // thesecond = [05D6A2B0 + 248] = 05D3A0D0
auto thethird = *(DWORD*)(thesecond + 0x20); // thethird = [05D3A0D0 + 20] = 05D26F10
auto thefourth = *(DWORD*)(thethird + 0x790); // thefourth = [05D26F10 + 790] = 00429F70
auto thefifth = *(DWORD*)(thefourth + 0x7dc); // thefifth = [0042A74C + 7dc] = 272 (decimal)
// protection...
*(DWORD*)(thefifth) = 0; // 272 is an invalid address. Attempting to dereference it triggers a segfault and crashes the process.
// protection... |
PS: the only time when you need to use VirtualProtect is when the page you're accessing doesn't have the right protection on it. Assuming the game is writing to the address, it probably has at least PAGE_READWRITE on it which already allows you to write to it. Browse the memory region of the end address and look at the top of the hex view to see the protection on it. |
Works now! Are you a magician?
Anyhow can u list me what are your knowledgment? Did you study C++, ASM, LUA or/and others langs?
|
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
