Tanqueray#10 (How do I cheat?)
Reputation: 0
Joined: 27 Oct 2012    Posts: 3

Posted: Mon Nov 19, 2012 11:41 am    Post subject: How do you get the base address?
Hi, how do you get the base address of a variable/value within a process?

Say I want to find the address where the timer value is stored in minesweeper, how do I do that?

Do I scan minesweeper's memory from beginning to end? I'm not really sure if memory is allocated contiguously for a process...

I've been trying to modify the value of a variable in another process for about a year (well, not for the whole time) without success. I only managed to do it with a program that I wrote and whose address is known to me.

Thanks
Gniarf (Grandmaster Cheater Supreme)
Reputation: 43
Joined: 12 Mar 2012    Posts: 1285

Posted: Mon Nov 19, 2012 1:25 pm    Post subject: Re: How do you get the base address?
Tanqueray#10 wrote:
> Hi, how do you get the base address of a variable/value within a process?

Please define what YOU call the "base address", because the term "base address" only applies to a pointer (and a few other things that are unrelated to your request). In this example (written in C):

    int a = 10;
    int *b = &a;
    int **c = &b;

&c is the base address of the pointer to a.

Tanqueray#10 wrote:
> Say I want to find the address where the timer value is stored in minesweeper, how do I do that?

Timers are not the utmost easiest thing to hack (it's not hard either, far from that), but I suggest you start with something easier, like Cheat Engine's tutorial (Help->Cheat Engine Tutorial), or the score in Spider Solitaire, just to get a bit used to the tools.

Anyway, this video ( http://www.youtube.com/watch?v=GPDlXVzgfvw ) shows how to find the address of the minesweeper timer (it's a prerequisite to make the timer count backward). Only the first 3 minutes concern what you want.

Tip: in Cheat Engine's settings, set a hotkey to pause/resume a process; that will allow you to freeze all threads of your target process and do the timer scan while it does not change.

Tanqueray#10 wrote:
> Do I scan minesweeper's memory from beginning to end? I'm not really sure if memory is allocated contiguously for a process...

Memory is not contiguously allocated for a process, but you don't have to bother with it. Even 10-year-old scan tools handle that for you. Of course it's a whole different story if you write your own scan tool, but I don't see why you would need to do that.
Tanqueray#10 (How do I cheat?)
Reputation: 0
Joined: 27 Oct 2012    Posts: 3

Posted: Tue Nov 20, 2012 7:57 am
What I mean by "base address" is the address of a variable. That would be the address of any of a, b or c (&a, &b and &c) in your C example.

Minesweeper's timer was just an example, I don't really want that. I'm more interested in addresses of scores, health or ammunition, but I really don't want to use Cheat Engine to get the base address, I know how to do that.

What I want to know is how CE gets those addresses.

So basically, I want to write a program that is able to find the address where the score is stored, for example.
Gniarf (Grandmaster Cheater Supreme)
Reputation: 43
Joined: 12 Mar 2012    Posts: 1285

Posted: Tue Nov 20, 2012 8:45 am
Ah, so you want to write a scan tool. In this case you can look at Cheat Engine's source (it IS open source after all), or you can also google for "memory scanner source".

Though I haven't watched the complete 8 videos, this tutorial should contain the answers to your questions: http://www.securitytube.net/video/1080

(Too bad the C source was hosted on Megaupload...)
Tanqueray#10 (How do I cheat?)
Reputation: 0
Joined: 27 Oct 2012    Posts: 3

Posted: Sun Nov 25, 2012 12:55 am
I forgot about this thread. Thanks, I'll search for that.

I have CE's source but I'm not really sure where to look.
Gniarf (Grandmaster Cheater Supreme)
Reputation: 43
Joined: 12 Mar 2012    Posts: 1285

Posted: Sun Nov 25, 2012 2:16 am
Try memscan.pas, function TScanController.firstScan.
n0 m3rcY (Cheater)
Reputation: 0
Joined: 18 Jun 2012    Posts: 42

Posted: Tue Nov 27, 2012 8:20 pm
Tanqueray#10 wrote:
> I forgot about this thread. Thanks, I'll search for that.
>
> I have CE's source but I'm not really sure where to look.

As of Windows 7 most processes use ASLR, so the processes will have a random base address; however, you can still use offsets, i.e. a value you find at "minesweeper.exe+0x1234" in Cheat Engine will still be the base address of minesweeper.exe + 0x1234 in memory.

You can get the base address of a module by using Module32First() and a loop of Module32Next() on a CreateToolhelp32Snapshot() snapshot made with the process's PID. The MODULEENTRY32::modBaseAddr member contains the base address of the module.
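An added example (my own code, not from this thread and not from Cheat Engine's memscan.pas) that models the firstScan/nextScan filtering Gniarf points at and the module+offset reporting n0 m3rcY describes. It runs over a constructed, non-contiguous memory image with made-up module bases, so nothing here reads a live process:

```python
import struct
from dataclasses import dataclass

# Constructed regions (what VirtualQueryEx would enumerate); process memory is not contiguous.
@dataclass
class Region:
    base: int
    data: bytearray

# Assumed module table (made-up ASLR'd bases, not real minesweeper values).
MODULES = {"minesweeper.exe": (0x00400000, 0x20000), "ntdll.dll": (0x77000000, 0x100000)}

def make_regions(score: int) -> list:
    """Fake process image: the score at minesweeper.exe+0x1234 plus two decoys."""
    main, heap = bytearray(0x2000), bytearray(0x1000)
    struct.pack_into("<i", main, 0x1234, score)  # the slot we want to locate
    struct.pack_into("<i", main, 0x0100, score)  # decoy: same value, never changes
    struct.pack_into("<i", heap, 0x0010, score)  # decoy in a separate region
    return [Region(0x00400000, main), Region(0x00700000, heap)]

def first_scan(regions, value: int, align: int = 4) -> list:
    """Exact-value first scan: every aligned 4-byte slot equal to value is a candidate."""
    needle = struct.pack("<i", value)
    return [r.base + off for r in regions
            for off in range(0, len(r.data) - 3, align) if r.data[off:off + 4] == needle]

def next_scan(regions, candidates, value: int) -> list:
    """Next scan: re-read only the candidates and keep those that now hold value."""
    needle = struct.pack("<i", value)
    keep = []
    for addr in candidates:
        for r in regions:
            off = addr - r.base
            if 0 <= off < len(r.data) and r.data[off:off + 4] == needle:
                keep.append(addr)
    return keep

def module_relative(addr: int) -> str:
    """Report an address as module+offset, the form that survives ASLR relocation."""
    for name, (base, size) in MODULES.items():
        if base <= addr < base + size:
            return f"{name}+0x{addr - base:X}"
    return f"0x{addr:X}"  # not inside a known module (e.g. heap): ASLR-unstable

def locate_score() -> str:
    regions = make_regions(10)
    cands = first_scan(regions, 10)                        # 3 hits: real slot + 2 decoys
    struct.pack_into("<i", regions[0].data, 0x1234, 11)    # the game bumps the score
    cands = next_scan(regions, cands, 11)                  # only the real slot follows
    return module_relative(cands[0]) if len(cands) == 1 else "ambiguous"
```

The heap decoy shows why a hit outside any module is only useful for the current run: its region base is not tied to a module, so there is no stable offset to reuse after a restart.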