Cheat Engine The Official Site of Cheat Engine
Ghosting Advanced Cheater Reputation: 0
Joined: 05 Feb 2016 Posts: 54 Location: 127.0.0.1
|
Posted: Mon Jun 12, 2017 8:01 am Post subject: C++ writing to a pointer? |
|
|
This does not work for some reason..
Code: |
float new_value = 1;
DWORD pAddress1;
ReadProcessMemory(handle, (LPCVOID*)(BaseAddress + 0x01B9D048), &pAddress1, sizeof(pAddress1), NULL);
ReadProcessMemory(handle, (LPCVOID*)(pAddress1 + 0x0), &pAddress1, sizeof(pAddress1), NULL);
ReadProcessMemory(handle, (LPCVOID*)(pAddress1 + 0x394), &pAddress1, sizeof(pAddress1), NULL);
ReadProcessMemory(handle, (LPCVOID*)(pAddress1 + 0x60), &pAddress1, sizeof(pAddress1), NULL);
ReadProcessMemory(handle, (LPCVOID*)(pAddress1 + 0xD8), &pAddress1, sizeof(pAddress1), NULL);
WriteProcessMemory(handle, (LPVOID*)pAddress1, &new_value, sizeof(new_value), NULL);
|
any idea how I can fix this?
|
|
FreeER Grandmaster Cheater Supreme Reputation: 53
Joined: 09 Aug 2013 Posts: 1091
|
Posted: Mon Jun 12, 2017 8:42 am Post subject: |
|
|
I haven't really used C++ for cheating before but
WriteProcessMemory takes
Code: |
BOOL WINAPI WriteProcessMemory(
_In_ HANDLE hProcess,
_In_ LPVOID lpBaseAddress,
_In_ LPCVOID lpBuffer,
_In_ SIZE_T nSize,
_Out_ SIZE_T *lpNumberOfBytesWritten
);
// https://msdn.microsoft.com/en-us/library/windows/desktop/ms681674(v=vs.85).aspx
|
while you're giving it
handle, (LPVOID*)new_value, *(float*)(&new_value), sizeof(new_value), NULL
aka
given: HANDLE?, LPVOID*, float, size_t, size_t?
expected: HANDLE, LPVOID, LPCVOID, SIZE_T, SIZE_T
Presumably the handle is indeed a handle though it's not shown, and I think NULL is supposedly just 0 in C++ so I guess the compiler would implicitly convert it to size_t, hence the ?s. new_value is already known as a float so there's really no need to cast its address as a float* and then dereference it to get its value which is simply new_value...
Also keep in mind that if you have a 64 bit game that the pointers are 64 bits, 8 bytes, so pAddress1 would need to be large enough for that. While in 32 bit they are 4 bytes. A dword is 4 bytes.
The void** is probably from trying to convert it to (LPVOID*), though honestly I don't know why it's LPVOID* aka void** instead of LPVOID aka void*... again, I haven't actually tried to do this myself, just pointing out some differences I see based on the Microsoft documentation.
Last edited by FreeER on Mon Jun 12, 2017 8:47 am; edited 1 time in total |
|
Ghosting Advanced Cheater Reputation: 0
Joined: 05 Feb 2016 Posts: 54 Location: 127.0.0.1
|
Posted: Mon Jun 12, 2017 8:46 am Post subject: |
|
|
I'm sorry, I fixed that problem, I have a new one now; I feel bad you wrote all that. I updated the OP with the problem.
|
|
FreeER Grandmaster Cheater Supreme Reputation: 53
Joined: 09 Aug 2013 Posts: 1091
|
Posted: Mon Jun 12, 2017 8:51 am Post subject: |
|
|
No problem
Hm, if there are no error messages try printing out pAddress (in hex of course) at each step and verifying that you are getting the addresses you expected by looking at what CE shows in the pointer setup. Also WriteProcessMemory returns a BOOL for success that you could check.
|
|
Ghosting Advanced Cheater Reputation: 0
Joined: 05 Feb 2016 Posts: 54 Location: 127.0.0.1
|
Posted: Mon Jun 12, 2017 9:05 am Post subject: |
|
|
FreeER wrote: | No problem
Hm, if there are no error messages try printing out pAddress (in hex of course) at each step and verifying that you are getting the addresses you expected by looking at what CE shows in the pointer setup. Also WriteProcessMemory returns a BOOL for success that you could check. |
hmm my BaseAddress is returning 0..
EDIT: Even cheat engine is returning zero..
Code: |
#include <windows.h>
#include <string>
#include <cstring>   // strcmp
#include <iostream>
#include <stdlib.h>
#include "tlhelp32.h"
//20.37000084
using namespace std;

// Walk the module list of the given process and return the base address
// of the module whose name matches lpszModuleName (0 if not found).
DWORD dwGetModuleBaseAddress(DWORD dwProcessIdentifier, TCHAR *lpszModuleName)
{
    HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwProcessIdentifier);
    DWORD dwModuleBaseAddress = 0;
    if (hSnapshot != INVALID_HANDLE_VALUE)
    {
        MODULEENTRY32 ModuleEntry32 = { 0 };
        ModuleEntry32.dwSize = sizeof(MODULEENTRY32);
        if (Module32First(hSnapshot, &ModuleEntry32))
        {
            do
            {
                if (strcmp(ModuleEntry32.szModule, lpszModuleName) == 0)
                {
                    MessageBox(NULL, (LPCSTR)ModuleEntry32.szModule, "jeb", NULL);
                    dwModuleBaseAddress = (DWORD)ModuleEntry32.modBaseAddr;
                    break;
                }
            } while (Module32Next(hSnapshot, &ModuleEntry32));
        }
        CloseHandle(hSnapshot);
    }
    return dwModuleBaseAddress;
}

int main()
{
    HWND hwnd = FindWindow(NULL, "Cheat Engine 6.6");
    if(hwnd == NULL)
    {
        cout << "Cannot find window.." << endl;
        Sleep(5000);
        exit(-1);
    }else{
        DWORD procID;
        DWORD BaseAddress = dwGetModuleBaseAddress(procID, "cheatengine-x86_64.exe");
        GetWindowThreadProcessId(hwnd, &procID);
        HANDLE handle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, procID);
        if (procID == NULL){
            cout << "Can't obtain process ID.." << endl;
            Sleep(5000);
            exit(-1);
        }else{
            cout << BaseAddress << endl;
            float new_value = 1;
            DWORD pAddress1;
            // Print the pointer read at each level of the chain
            ReadProcessMemory(handle, (LPCVOID*)(BaseAddress + 0x01B9D048), &pAddress1, sizeof(pAddress1), NULL);
            cout << hex << pAddress1 << endl;
            ReadProcessMemory(handle, (LPCVOID*)(pAddress1 + 0x0), &pAddress1, sizeof(pAddress1), NULL);
            cout << hex << pAddress1 << endl;
            ReadProcessMemory(handle, (LPCVOID*)(pAddress1 + 0x394), &pAddress1, sizeof(pAddress1), NULL);
            cout << hex << pAddress1 << endl;
            ReadProcessMemory(handle, (LPCVOID*)(pAddress1 + 0x60), &pAddress1, sizeof(pAddress1), NULL);
            cout << hex << pAddress1 << endl;
            ReadProcessMemory(handle, (LPCVOID*)(pAddress1 + 0xD8), &pAddress1, sizeof(pAddress1), NULL);
            cout << hex << pAddress1 << endl;
            WriteProcessMemory(handle, (LPVOID*)pAddress1, &new_value, sizeof(new_value), NULL);
        }
    }
    return 0;
}
|
Last edited by Ghosting on Mon Jun 12, 2017 9:35 am; edited 1 time in total |
|
FreeER Grandmaster Cheater Supreme Reputation: 53
Joined: 09 Aug 2013 Posts: 1091
|
Posted: Mon Jun 12, 2017 9:18 am Post subject: |
|
|
Well... that would be an issue... Since I don't use C/C++ for trainers myself I don't know of any possible reasons off the top of my head other than making sure you're running it as administrator
I imagine if you shared the code you're using someone else will be able to point something out (I'd look at it but I doubt I'd see anything obviously incorrect lol)
|
|
Ghosting Advanced Cheater Reputation: 0
Joined: 05 Feb 2016 Posts: 54 Location: 127.0.0.1
|
Posted: Mon Jun 12, 2017 9:31 am Post subject: |
|
|
FreeER wrote: | Well... that would be an issue... Since I don't use C/C++ for trainers myself I don't know of any possible reasons off the top of my head other than making sure you're running it as administrator
I imagine if you shared the code you're using someone else will be able to point something out (I'd look at it but I doubt I'd see anything obviously incorrect lol) |
Hmm didn't work either
|
|
FreeER Grandmaster Cheater Supreme Reputation: 53
Joined: 09 Aug 2013 Posts: 1091
|
Posted: Mon Jun 12, 2017 9:48 am Post subject: |
|
|
Hm, should you be using Module32First/Module32Next or Process32First/Process32Next? (mostly based on https://stackoverflow.com/questions/11564148/how-to-get-the-starting-base-address-of-a-process-in-c)
Hm, actually compared to http://forum.cheatengine.org/viewtopic.php?t=545149 which seems to have identical code, the issue is probably the order of these lines
Code: |
DWORD procID;
DWORD BaseAddress = dwGetModuleBaseAddress(procID, "cheatengine-x86_64.exe");
GetWindowThreadProcessId(hwnd, &procID);
|
At the point that dwGetModuleBaseAddress is called, procID is undefined. You should probably be calling GetWindowThreadProcessId first then dwGetModuleBaseAddress so that procID has a valid process ID...
|
|
atom0s Moderator Reputation: 199
Joined: 25 Jan 2006 Posts: 8518 Location: 127.0.0.1
|
Posted: Mon Jun 12, 2017 7:10 pm Post subject: |
|
|
If you are targeting a 64bit process you need to compile the code as 64bit to access its modules using Module32First/Module32Next and so on. Otherwise, the API will fail to access the process' information.
_________________
- Retired. |
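Two points raised in this thread, that a DWORD holds only 4 bytes while 64-bit pointers are 8, and that each read in a chain can fail and should be checked, shown as an added example that is not code from any poster. It walks a pointer chain over a constructed in-memory buffer; `FakeProcess`, `read_mem`, the base address and the offsets are hypothetical stand-ins, not the Windows API or the values from the posts.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

// Constructed stand-in for a target's address space: `mem` is mapped at `base`.
struct FakeProcess { uint64_t base; std::vector<uint8_t> mem; };

// Hypothetical stand-in for ReadProcessMemory: returns false for unmapped ranges.
bool read_mem(const FakeProcess& p, uint64_t addr, void* out, size_t n) {
    if (addr < p.base || addr - p.base > p.mem.size() ||
        n > p.mem.size() - (addr - p.base)) return false;
    std::memcpy(out, p.mem.data() + (addr - p.base), n);
    return true;
}

// Follow a pointer chain, reading each pointer as PtrT (uint32_t ~ DWORD,
// uint64_t ~ a 64-bit pointer). Stops at the first failed read.
template <typename PtrT>
bool resolve(const FakeProcess& p, uint64_t first,
             const std::vector<uint64_t>& offsets, uint64_t* out) {
    uint64_t addr = first;
    for (uint64_t off : offsets) {
        PtrT next = 0;
        if (!read_mem(p, addr, &next, sizeof next)) return false;
        addr = static_cast<uint64_t>(next) + off;
    }
    *out = addr;
    return true;
}

// Constructed image with a two-level chain ending at a float (little-endian host assumed).
FakeProcess make_target() {
    FakeProcess p{0x7FF600000000ULL, std::vector<uint8_t>(0x400, 0)};
    auto put = [&p](uint64_t off, uint64_t v) { std::memcpy(p.mem.data() + off, &v, sizeof v); };
    put(0x10, p.base + 0x100);   // [base+0x10]       -> base+0x100
    put(0x120, p.base + 0x200);  // [base+0x100+0x20] -> base+0x200
    float value = 20.37f;
    std::memcpy(p.mem.data() + 0x208, &value, sizeof value);  // base+0x200+0x8
    return p;
}

int main() {
    FakeProcess t = make_target();
    uint64_t a64 = 0, a32 = 0;
    bool ok64 = resolve<uint64_t>(t, t.base + 0x10, {0x20, 0x8}, &a64);
    bool ok32 = resolve<uint32_t>(t, t.base + 0x10, {0x20, 0x8}, &a32);
    std::printf("8-byte: ok=%d addr=%llx  4-byte: ok=%d\n", ok64, (unsigned long long)a64, ok32);
}
```

With 4-byte reads the high half of the first pointer is dropped, so the second read lands on an unmapped address and fails; without the return-value check the chain would continue from a stale value.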
|