 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
MaDa
Newbie cheater
![]() Reputation: 0
Joined: 09 Nov 2015
Posts: 15
|
 Posted: Thu Nov 12, 2015 10:56 am Post subject: [REQEST] VB AOB, read Process |
 |
|
i Need make Trainer for Brower Flash games by VB :
1-read browser process(check if it Running)
2-search in browser process for aob code then change it
|
|
| Back to top |
|
 |
atom0s
Moderator
 Reputation: 205
Joined: 25 Jan 2006
Posts: 8587
Location: 127.0.0.1
|
| Posted: Thu Nov 12, 2015 7:11 pm Post subject: |
|
|
This is a class I wrote based on the original FindPattern method for C#. You should be able to use an online convert tool to make it Vb.NET
| Code: |
namespace YourProjectName.Classes
{
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Linq;
using System.Runtime.InteropServices;
public class SigScan
{
/// <summary>
/// ReadProcessMemory
///
/// API import definition for ReadProcessMemory.
/// </summary>
/// <param name="hProcess">Handle to the process we want to read from.</param>
/// <param name="lpBaseAddress">The base address to start reading from.</param>
/// <param name="lpBuffer">The return buffer to write the read data to.</param>
/// <param name="dwSize">The size of data we wish to read.</param>
/// <param name="lpNumberOfBytesRead">The number of bytes successfully read.</param>
/// <returns></returns>
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool ReadProcessMemory(
IntPtr hProcess,
IntPtr lpBaseAddress,
[Out] byte[] lpBuffer,
int dwSize,
out int lpNumberOfBytesRead
);
/// <summary>
/// m_vDumpedRegion
///
/// The memory dumped from the external process.
/// </summary>
private byte[] m_vDumpedRegion;
/// <summary>
/// m_vProcess
///
/// The process we want to read the memory of.
/// </summary>
private Process m_vProcess;
/// <summary>
/// m_vAddress
///
/// The starting address we want to begin reading at.
/// </summary>
private IntPtr m_vAddress;
/// <summary>
/// m_vSize
///
/// The number of bytes we wish to read from the process.
/// </summary>
private Int32 m_vSize;
#region "sigScan Class Construction"
/// <summary>
/// SigScan
///
/// Main class constructor that uses no params.
/// Simply initializes the class properties and
/// expects the user to set them later.
/// </summary>
public SigScan()
{
this.m_vProcess = null;
this.m_vAddress = IntPtr.Zero;
this.m_vSize = 0;
this.m_vDumpedRegion = null;
}
/// <summary>
/// SigScan
///
/// Overloaded class constructor that sets the class
/// properties during construction.
/// </summary>
/// <param name="proc">The process to dump the memory from.</param>
/// <param name="addr">The started address to begin the dump.</param>
/// <param name="size">The size of the dump.</param>
public SigScan(Process proc, IntPtr addr, int size)
{
this.m_vProcess = proc;
this.m_vAddress = addr;
this.m_vSize = size;
}
#endregion
#region "sigScan Class Private Methods"
/// <summary>
/// DumpMemory
///
/// Internal memory dump function that uses the set class
/// properties to dump a memory region.
/// </summary>
/// <returns>Boolean based on RPM results and valid properties.</returns>
private bool DumpMemory()
{
try
{
// Checks to ensure we have valid data.
if (this.m_vProcess == null)
return false;
if (this.m_vProcess.HasExited)
return false;
if (this.m_vAddress == IntPtr.Zero)
return false;
if (this.m_vSize == 0)
return false;
// Create the region space to dump into.
this.m_vDumpedRegion = new byte[this.m_vSize];
int nBytesRead;
// Dump the memory.
var ret = ReadProcessMemory(
this.m_vProcess.Handle, this.m_vAddress, this.m_vDumpedRegion, this.m_vSize, out nBytesRead
);
// Validation checks.
return ret && nBytesRead == this.m_vSize;
}
catch (Exception)
{
return false;
}
}
/// <summary>
/// MaskCheck
///
/// Compares the current pattern byte to the current memory dump
/// byte to check for a match. Uses wildcards to skip bytes that
/// are deemed unneeded in the compares.
/// </summary>
/// <param name="nOffset">Offset in the dump to start at.</param>
/// <param name="btPattern">Pattern to scan for.</param>
/// <param name="strMask">Mask to compare against.</param>
/// <returns>Boolean depending on if the pattern was found.</returns>
private bool MaskCheck(int nOffset, IEnumerable<byte> btPattern, string strMask)
{
// Loop the pattern and compare to the mask and dump.
return !btPattern.Where((t, x) => strMask[x] != '?' && ((strMask[x] == 'x') && (t != this.m_vDumpedRegion[nOffset + x]))).Any();
}
#endregion
#region "sigScan Class Public Methods"
/// <summary>
/// FindPattern
///
/// Attempts to locate the given pattern inside the dumped memory region
/// compared against the given mask. If the pattern is found, the offset
/// is added to the located address and returned to the user.
/// </summary>
/// <param name="btPattern">Byte pattern to look for in the dumped region.</param>
/// <param name="strMask">The mask string to compare against.</param>
/// <param name="nOffset">The offset added to the result address.</param>
/// <returns>IntPtr - zero if not found, address if found.</returns>
public IntPtr FindPattern(byte[] btPattern, string strMask, int nOffset)
{
try
{
// Dump the memory region if we have not dumped it yet.
if (this.m_vDumpedRegion == null || this.m_vDumpedRegion.Length == 0)
{
if (!this.DumpMemory())
return IntPtr.Zero;
}
// Ensure the mask and pattern lengths match.
if (strMask.Length != btPattern.Length)
return IntPtr.Zero;
// Loop the region and look for the pattern.
for (int x = 0; x < this.m_vDumpedRegion.Length; x++)
{
if (this.MaskCheck(x, btPattern, strMask))
{
// The pattern was found, return it.
return new IntPtr((int)this.m_vAddress + (x + nOffset));
}
}
// Pattern was not found.
return IntPtr.Zero;
}
catch (Exception)
{
return IntPtr.Zero;
}
}
/// <summary>
/// ResetRegion
///
/// Resets the memory dump array to nothing to allow
/// the class to redump the memory.
/// </summary>
public void ResetRegion()
{
this.m_vDumpedRegion = null;
}
#endregion
#region "sigScan Class Properties"
public Process Process
{
get { return this.m_vProcess; }
set { this.m_vProcess = value; }
}
public IntPtr Address
{
get { return this.m_vAddress; }
set { this.m_vAddress = value; }
}
public Int32 Size
{
get { return this.m_vSize; }
set { this.m_vSize = value; }
}
#endregion
}
} |
_________________
- Retired. |
|
| Back to top |
|
|
MaDa
Newbie cheater
![]() Reputation: 0
Joined: 09 Nov 2015
Posts: 15
|
| Posted: Fri Nov 13, 2015 8:54 am Post subject: |
|
|
| atom0s wrote: | This is a class I wrote based on the original FindPattern method for C#. You should be able to use an online convert tool to make it Vb.NET
| Code: |
namespace YourProjectName.Classes
{
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Linq;
using System.Runtime.InteropServices;
public class SigScan
{
/// <summary>
/// ReadProcessMemory
///
/// API import definition for ReadProcessMemory.
/// </summary>
/// <param name="hProcess">Handle to the process we want to read from.</param>
/// <param name="lpBaseAddress">The base address to start reading from.</param>
/// <param name="lpBuffer">The return buffer to write the read data to.</param>
/// <param name="dwSize">The size of data we wish to read.</param>
/// <param name="lpNumberOfBytesRead">The number of bytes successfully read.</param>
/// <returns></returns>
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool ReadProcessMemory(
IntPtr hProcess,
IntPtr lpBaseAddress,
[Out] byte[] lpBuffer,
int dwSize,
out int lpNumberOfBytesRead
);
/// <summary>
/// m_vDumpedRegion
///
/// The memory dumped from the external process.
/// </summary>
private byte[] m_vDumpedRegion;
/// <summary>
/// m_vProcess
///
/// The process we want to read the memory of.
/// </summary>
private Process m_vProcess;
/// <summary>
/// m_vAddress
///
/// The starting address we want to begin reading at.
/// </summary>
private IntPtr m_vAddress;
/// <summary>
/// m_vSize
///
/// The number of bytes we wish to read from the process.
/// </summary>
private Int32 m_vSize;
#region "sigScan Class Construction"
/// <summary>
/// SigScan
///
/// Main class constructor that uses no params.
/// Simply initializes the class properties and
/// expects the user to set them later.
/// </summary>
public SigScan()
{
this.m_vProcess = null;
this.m_vAddress = IntPtr.Zero;
this.m_vSize = 0;
this.m_vDumpedRegion = null;
}
/// <summary>
/// SigScan
///
/// Overloaded class constructor that sets the class
/// properties during construction.
/// </summary>
/// <param name="proc">The process to dump the memory from.</param>
/// <param name="addr">The started address to begin the dump.</param>
/// <param name="size">The size of the dump.</param>
public SigScan(Process proc, IntPtr addr, int size)
{
this.m_vProcess = proc;
this.m_vAddress = addr;
this.m_vSize = size;
}
#endregion
#region "sigScan Class Private Methods"
/// <summary>
/// DumpMemory
///
/// Internal memory dump function that uses the set class
/// properties to dump a memory region.
/// </summary>
/// <returns>Boolean based on RPM results and valid properties.</returns>
private bool DumpMemory()
{
try
{
// Checks to ensure we have valid data.
if (this.m_vProcess == null)
return false;
if (this.m_vProcess.HasExited)
return false;
if (this.m_vAddress == IntPtr.Zero)
return false;
if (this.m_vSize == 0)
return false;
// Create the region space to dump into.
this.m_vDumpedRegion = new byte[this.m_vSize];
int nBytesRead;
// Dump the memory.
var ret = ReadProcessMemory(
this.m_vProcess.Handle, this.m_vAddress, this.m_vDumpedRegion, this.m_vSize, out nBytesRead
);
// Validation checks.
return ret && nBytesRead == this.m_vSize;
}
catch (Exception)
{
return false;
}
}
/// <summary>
/// MaskCheck
///
/// Compares the current pattern byte to the current memory dump
/// byte to check for a match. Uses wildcards to skip bytes that
/// are deemed unneeded in the compares.
/// </summary>
/// <param name="nOffset">Offset in the dump to start at.</param>
/// <param name="btPattern">Pattern to scan for.</param>
/// <param name="strMask">Mask to compare against.</param>
/// <returns>Boolean depending on if the pattern was found.</returns>
private bool MaskCheck(int nOffset, IEnumerable<byte> btPattern, string strMask)
{
// Loop the pattern and compare to the mask and dump.
return !btPattern.Where((t, x) => strMask[x] != '?' && ((strMask[x] == 'x') && (t != this.m_vDumpedRegion[nOffset + x]))).Any();
}
#endregion
#region "sigScan Class Public Methods"
/// <summary>
/// FindPattern
///
/// Attempts to locate the given pattern inside the dumped memory region
/// compared against the given mask. If the pattern is found, the offset
/// is added to the located address and returned to the user.
/// </summary>
/// <param name="btPattern">Byte pattern to look for in the dumped region.</param>
/// <param name="strMask">The mask string to compare against.</param>
/// <param name="nOffset">The offset added to the result address.</param>
/// <returns>IntPtr - zero if not found, address if found.</returns>
public IntPtr FindPattern(byte[] btPattern, string strMask, int nOffset)
{
try
{
// Dump the memory region if we have not dumped it yet.
if (this.m_vDumpedRegion == null || this.m_vDumpedRegion.Length == 0)
{
if (!this.DumpMemory())
return IntPtr.Zero;
}
// Ensure the mask and pattern lengths match.
if (strMask.Length != btPattern.Length)
return IntPtr.Zero;
// Loop the region and look for the pattern.
for (int x = 0; x < this.m_vDumpedRegion.Length; x++)
{
if (this.MaskCheck(x, btPattern, strMask))
{
// The pattern was found, return it.
return new IntPtr((int)this.m_vAddress + (x + nOffset));
}
}
// Pattern was not found.
return IntPtr.Zero;
}
catch (Exception)
{
return IntPtr.Zero;
}
}
/// <summary>
/// ResetRegion
///
/// Resets the memory dump array to nothing to allow
/// the class to redump the memory.
/// </summary>
public void ResetRegion()
{
this.m_vDumpedRegion = null;
}
#endregion
#region "sigScan Class Properties"
public Process Process
{
get { return this.m_vProcess; }
set { this.m_vProcess = value; }
}
public IntPtr Address
{
get { return this.m_vAddress; }
set { this.m_vAddress = value; }
}
public Int32 Size
{
get { return this.m_vSize; }
set { this.m_vSize = value; }
}
#endregion
}
} |
|
ok i convert it what code i shoud add to button click to search aob code in opera.exe for examble and what code for replace aob code or tell me how do it in C# 
|
|
| Back to top |
|
|
atom0s
Moderator
Reputation: 205
Joined: 25 Jan 2006
Posts: 8587
Location: 127.0.0.1
|
| Posted: Fri Nov 13, 2015 6:00 pm Post subject: |
|
|
The code is very simple and minimal. If you are unsure how to follow it then I would suggest you learn what you are doing. It is not hard to understand the code.
_________________
- Retired. |
|
| Back to top |
|
|
MaDa
Newbie cheater
![]() Reputation: 0
Joined: 09 Nov 2015
Posts: 15
|
| Posted: Fri Nov 13, 2015 6:25 pm Post subject: |
|
|
| atom0s wrote: | | The code is very simple and minimal. If you are unsure how to follow it then I would suggest you learn what you are doing. It is not hard to understand the code. |
im biggner at VB i have vb code to secan AOB and i use this code for search
Private Sub Button4_Click(sender As Object, e As EventArgs) Handles Button4.Click
If AOBSCAN("notepad", "notepad.exe", New Byte() {&H5F, &H5F, &H2D, &H2D, &H5F, &H2D, &H5F, &H2D, &H2D, &H02, &H72, &H45, &H0D, &H2D, &H2D, &H5F}) = True Then
MessageBox.Show("Found")
ElseIf MessageBox.Show("NoT Found")
but not work
|
|
| Back to top |
|
|
atom0s
Moderator
Reputation: 205
Joined: 25 Jan 2006
Posts: 8587
Location: 127.0.0.1
|
| Posted: Sat Nov 14, 2015 1:08 am Post subject: |
|
|
If you are a beginner at coding, I do not recommend jumping right into game hacking. I would recommend that you actually learn the language basics first, understand what classes / namespaces are and so on.
_________________
- Retired. |
|
| Back to top |
|
|
MaDa
Newbie cheater
![]() Reputation: 0
Joined: 09 Nov 2015
Posts: 15
|
| Posted: Sun Nov 15, 2015 10:37 am Post subject: |
|
|
| atom0s wrote: | | If you are a beginner at coding, I do not recommend jumping right into game hacking. I would recommend that you actually learn the language basics first, understand what classes / namespaces are and so on. |
ok thanx for your help but its nor crime to ask for help and i think even you need to understand what is classes becuse not think you are know the how use it
|
|
| Back to top |
|
|
atom0s
Moderator
Reputation: 205
Joined: 25 Jan 2006
Posts: 8587
Location: 127.0.0.1
|
| Posted: Sun Nov 15, 2015 12:56 pm Post subject: |
|
|
| MaDa wrote: | | atom0s wrote: | | If you are a beginner at coding, I do not recommend jumping right into game hacking. I would recommend that you actually learn the language basics first, understand what classes / namespaces are and so on. |
ok thanx for your help but its nor crime to ask for help and i think even you need to understand what is classes becuse not think you are know the how use it |
I know how to use the class, I wrote it. Take the time to learn what you are doing. I'm not going to spoon feed you material you don't understand just so you can copy paste it and claim you did it all yourself. That era of "game hackers" ruined things enough, we don't need more of it.
_________________
- Retired. |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
