Enkan How do I cheat?
Reputation: 0
Joined: 19 Sep 2010 Posts: 2
Posted: Sun Sep 19, 2010 8:03 am Post subject: C++ help
I am trying to read the HP from WoW, and I found the pointer and offsets with Cheat Engine. This is where the problems start: the program only returns a nonsense number. I suspect that this has something to do with the "wow.exe" value in the pointer, but I have no idea how to solve it.
Any help would be greatly appreciated, thanks.
Code:
    #include <windows.h>
    #include <iostream>
    #include <cstdlib>
    using namespace std;

    int main()
    {
        // ANSI variant, because the window title is a narrow string literal.
        HWND hwnd = FindWindowA(NULL, "World of Warcraft");
        DWORD pid = 0;
        if (!hwnd)
        {
            cout << "Window not found!";
            system("PAUSE");
            exit(1);
        }
        GetWindowThreadProcessId(hwnd, &pid);
        // This program runs outside the target; it only opens a read handle to it.
        HANDLE phandle = OpenProcess(PROCESS_VM_READ, 0, pid);
        if (!phandle)
        {
            cout << "Could not get handle!";
            system("PAUSE");
            exit(1);
        }
        DWORD buffer = 0;
        // Follow the pointer chain; each read yields the base for the next offset.
        ReadProcessMemory(phandle, (LPCVOID)(0x008AD7EC), (LPVOID)&buffer, sizeof(buffer), NULL); // add "wow.exe"+0x008AD7EC somehow?
        ReadProcessMemory(phandle, (LPCVOID)(buffer + 0x1F8), (LPVOID)&buffer, sizeof(buffer), NULL);
        ReadProcessMemory(phandle, (LPCVOID)(buffer + 0xC), (LPVOID)&buffer, sizeof(buffer), NULL);
        ReadProcessMemory(phandle, (LPCVOID)(buffer + 0x77C), (LPVOID)&buffer, sizeof(buffer), NULL);
        ReadProcessMemory(phandle, (LPCVOID)(buffer + 0x148), (LPVOID)&buffer, sizeof(buffer), NULL);
        ReadProcessMemory(phandle, (LPCVOID)(buffer + 0x6EC), &buffer, sizeof(buffer), NULL);
        //+"6EC"+"148"+"77C"+"C"+"1F8";
        cout << "HP - " << buffer << endl;
        CloseHandle(phandle); // release the handle before exiting
        system("PAUSE");
        return 0;
    }
tombana Master Cheater
Reputation: 2
Joined: 14 Jun 2007 Posts: 456 Location: The Netherlands
Posted: Sun Sep 19, 2010 9:35 am
Usually 'wow.exe' will have the constant value of 0x00400000.
If you want to do it correctly, then you could 'walk the module list' of the wow process. This means you enumerate all modules in the process, and then take the module with the name 'wow.exe' and get the 'module base' address.
However it's much easier to just take 0x00400000 because that value should never change. (It is static in WinXP, I don't know about Win7.)
Enkan How do I cheat?
Reputation: 0
Joined: 19 Sep 2010 Posts: 2
Posted: Sun Sep 19, 2010 10:10 am
Thx man! That solved my problems.
Slugsnack Grandmaster Cheater Supreme
Reputation: 71
Joined: 24 Jan 2007 Posts: 1857
Posted: Mon Sep 20, 2010 6:33 am
tombana wrote:
> Usually 'wow.exe' will have the constant value of 0x00400000.
> If you want to do it correctly, then you could 'walk the module list' of the wow process. This means you enumerate all modules in the process, and then take the module with the name 'wow.exe' and get the 'module base' address.
> However it's much easier to just take 0x00400000 because that value should never change. (It is static in WinXP, I don't know about Win7.)
0x00400000 is pretty rare actually :/ It's very dependent on what compiler you use. He should instead just use GetModuleHandle().
tombana Master Cheater
Reputation: 2
Joined: 14 Jun 2007 Posts: 456 Location: The Netherlands
Posted: Mon Sep 20, 2010 1:22 pm
Slugsnack wrote:
> 0x00400000 is pretty rare actually :/ It's very dependent on what compiler you use. He should instead just use GetModuleHandle().
I've never seen anything else than 0x00400000 (winxp here). I think most compilers will use 0x000400000 as ImageBase.
If he wants to use GetModuleHandle() then he should be in the target process which he is not.
Slugsnack Grandmaster Cheater Supreme
Reputation: 71
Joined: 24 Jan 2007 Posts: 1857
Posted: Mon Sep 20, 2010 5:23 pm
tombana wrote:
> Slugsnack wrote:
> > 0x00400000 is pretty rare actually :/ It's very dependent on what compiler you use. He should instead just use GetModuleHandle().
> I've never seen anything else than 0x00400000 (winxp here). I think most compilers will use 0x000400000 as ImageBase.
> If he wants to use GetModuleHandle() then he should be in the target process which he is not.
When did he say he wasn't in target process?
On Windows 7 Ultimate. EPs:
notepad.exe - 0x002C3689
One of my random programs in debug from VC++ 2010 (EP is at a JMP table) - 0x0131111D
When compiled in release - 0x00201402
All my MASM32 programs - 0x00401000
Note EP is usually offset 0x1000 to base. I've never seen 0x00400000 used as the base for binaries generated by either VC++ 2008 or 2010.
Dark Byte Site Admin
Reputation: 471
Joined: 09 May 2003 Posts: 25823 Location: The netherlands
Posted: Mon Sep 20, 2010 6:57 pm
Quote:
> When did he say he wasn't in target process ?
I guess because of this:
Code:
    GetWindowThreadProcessId(hwnd,&pid);
    HANDLE phandle = OpenProcess(PROCESS_VM_READ ,0,pid);
As for the module base being different, that depends on if you have the base address relocation option enabled in Visual Studio when compiled.
That is the default option for Visual Studio 2008 and later.
And it's only supported by Windows Vista and later.
If it's disabled or the OS doesn't support it, it'll get loaded at the default address set in the PE header's base address field, which is usually 0x00400000.
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
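Added example, not part of the original thread or of any poster's code: the two header facts Dark Byte refers to (the base address field and the relocation opt-in) can be read straight from a PE file's bytes, which shows whether a hard-coded 0x00400000 can be expected to hold. The names `PeInfo`, `parsePe` and `sampleHeader` are hypothetical, and the header bytes are constructed for the example.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

struct PeInfo {
    uint64_t imageBase;   // preferred load address (the "base address field")
    uint32_t entryRva;    // AddressOfEntryPoint, relative to the actual base
    bool     dynamicBase; // IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE (0x0040)
};
// Bounds-checked little-endian read of n (<= 8) bytes at offset off.
static bool rd(const std::vector<uint8_t>& b, size_t off, size_t n, uint64_t& v) {
    if (off > b.size() || n > b.size() - off) return false;
    v = 0;
    for (size_t i = 0; i < n; ++i) v |= uint64_t(b[off + i]) << (8 * i);
    return true;
}
bool parsePe(const std::vector<uint8_t>& b, PeInfo& out) {
    uint64_t mz = 0, lfanew = 0, sig = 0, magic = 0, ep = 0, base = 0, dll = 0;
    if (!rd(b, 0, 2, mz) || mz != 0x5A4D) return false;                // "MZ"
    if (!rd(b, 0x3C, 4, lfanew)) return false;                         // e_lfanew
    if (!rd(b, size_t(lfanew), 4, sig) || sig != 0x4550) return false; // "PE\0\0"
    size_t opt = size_t(lfanew) + 24;   // skip signature (4) + COFF header (20)
    if (!rd(b, opt, 2, magic) || (magic != 0x10B && magic != 0x20B)) return false;
    // ImageBase is 4 bytes at +28 in PE32 and 8 bytes at +24 in PE32+.
    bool ok = rd(b, opt + 16, 4, ep) && rd(b, opt + 70, 2, dll) &&
              (magic == 0x10B ? rd(b, opt + 28, 4, base) : rd(b, opt + 24, 8, base));
    if (!ok) return false;
    out = PeInfo{base, uint32_t(ep), (dll & 0x0040) != 0};
    return true;
}
// Constructed sample: minimal PE32 header with only the parsed fields filled in.
std::vector<uint8_t> sampleHeader(uint32_t imageBase, uint32_t entryRva, uint16_t dllChars) {
    std::vector<uint8_t> b(0x80 + 24 + 96, 0);
    auto put = [&b](size_t off, uint32_t v, size_t n) {
        for (size_t i = 0; i < n; ++i) b[off + i] = uint8_t(v >> (8 * i));
    };
    const size_t opt = 0x80 + 24;
    put(0, 0x5A4D, 2); put(0x3C, 0x80, 4); put(0x80, 0x4550, 4); put(opt, 0x10B, 2);
    put(opt + 16, entryRva, 4); put(opt + 28, imageBase, 4); put(opt + 70, dllChars, 2);
    return b;
}
int main() {
    PeInfo p;
    if (!parsePe(sampleHeader(0x00400000, 0x1000, 0x0040), p)) return 1;
    std::printf("ImageBase 0x%08llX EP-RVA 0x%X DYNAMICBASE=%d\n",
                (unsigned long long)p.imageBase, (unsigned)p.entryRva, int(p.dynamicBase));
    return 0;
}
```

When the flag is set and the OS supports it, the header's ImageBase is only a preference, so the real base has to be taken from the running process's module list, as the first reply in the thread describes.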
DeletedUser14087 I post too much
Reputation: 2
Joined: 21 Jun 2006 Posts: 3069
Posted: Fri Sep 24, 2010 2:32 pm
The WoW.exe will just represent the ImageBase address, no worries.