Bo2k (How do I cheat?)
Reputation: 0
Joined: 22 Mar 2016, Posts: 3
Posted: Tue Mar 22, 2016 10:50 pm. Post subject: Module within module
Hello,
How can I get the module base address in this scenario:
There is a launcher that launches the game as a module within the launcher exe.
If I list modules for launcher.exe I get game.exe in there.
Now, game.exe has its own modules (because it is a full standalone game, just that it is wrapped in this launcher). How do I get the base address of those modules?
hhhuut (Grandmaster Cheater)
Reputation: 6
Joined: 08 Feb 2015, Posts: 607
Posted: Wed Mar 23, 2016 3:00 am
Can the "game.exe" be retrieved as its own process?
Bo2k (How do I cheat?)
Reputation: 0
Joined: 22 Mar 2016, Posts: 3
Posted: Wed Mar 23, 2016 9:10 am
Yes, I managed to run the game by itself; this is how I got my addresses and pointers, but I need to know how to make the offsets that I got work when I load the game through the launcher.
For example, if I got a pointer at an offset xxx.dll + offset when I run the game standalone.
I found out that my xxx.dll seems to always start at base address 10000000 from the exe (when running standalone).
Now when I run the game with the launcher I tried to do something like this:
Find the base address of the game.exe module within the launcher, and add 10000000 + offset; but I don't get the right values...
hhhuut (Grandmaster Cheater)
Reputation: 6
Joined: 08 Feb 2015, Posts: 607
Posted: Wed Mar 23, 2016 9:40 am
32-bit EXE files often use 0x00400000 as their image base, so in some cases that is pretty reliable, but don't port that system to DLLs; their image base is kind of random in memory, so a hardcoded hex address plus offset won't work...
Can you rewrite the standalone "xxx.dll+offset" as an "xxx.exe+offset" within the launcher?
Bo2k (How do I cheat?)
Reputation: 0
Joined: 22 Mar 2016, Posts: 3
Posted: Fri Mar 25, 2016 4:13 pm
I managed to find the game process with Cheat Engine even when launching with the loader, but it is hidden. The long "Window List" did the trick (found 2 instances of the .exe alone and 2 of the launcher). Cheat Engine could not open the process until I checked Extra->Open Process in settings.
Now, because I use C#, I did not find the exe by listing processes, and Cheat Engine doesn't find it in the normal Process List either. What exactly does "Window List" do in comparison to the normal Process List? And what exactly does Extra->Open Process do? How can these two functions be implemented in C#, so I can open the game with my app?
Does Cheat Engine have a DLL library that can be called and used from C#?
Thank you.
atom0s (Moderator)
Reputation: 205
Joined: 25 Jan 2006, Posts: 8587, Location: 127.0.0.1
Posted: Fri Mar 25, 2016 4:39 pm
Window List enumerates the list of windows on the system. You can look into doing that via the EnumWindows API.
If the game is loaded within the launcher's memory space then they will share modules. For example, if the launcher loads a module called derp.dll and the game tries to load derp.dll as well, it will use the already loaded instance of the module. (Unless they force-map it into another memory space and manually use it that way.)
As for hiding the process, that sounds like there is an anti-cheat involved then.
_________________
- Retired.
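As an added example (not code from this thread, from Cheat Engine, or from any of the posters), the following C# program does what atom0s describes: it enumerates every top-level window with EnumWindows, resolves each window to its owning process ID with GetWindowThreadProcessId, and then lists that process's loaded modules with the base address the loader actually chose. This is the same enumeration a process-inspection tool performs, and the module base it prints is the loaded one, not the preferred ImageBase from the PE header, which is why hhhuut's warning about hardcoding a DLL base holds: with relocation/ASLR the two can differ from run to run. The window-title substring used for matching is a command-line argument and is an assumption of the example.

```csharp
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Text;

// Added example: window list -> owning PID -> loaded modules and their real base addresses.
// Not part of the forum thread; uses only documented Win32 and .NET APIs.
static class WindowModuleInspector
{
    private delegate bool EnumWindowsProc(IntPtr hWnd, IntPtr lParam);

    [DllImport("user32.dll")]
    private static extern bool EnumWindows(EnumWindowsProc lpEnumFunc, IntPtr lParam);

    [DllImport("user32.dll", CharSet = CharSet.Unicode)]
    private static extern int GetWindowText(IntPtr hWnd, StringBuilder lpString, int nMaxCount);

    [DllImport("user32.dll")]
    private static extern uint GetWindowThreadProcessId(IntPtr hWnd, out uint lpdwProcessId);

    // Returns (window handle, title, pid) for every top-level window, visible or not.
    // EnumWindows is synchronous, so the callback delegate stays alive for the whole call.
    public static List<(IntPtr hWnd, string title, uint pid)> ListWindows()
    {
        var result = new List<(IntPtr, string, uint)>();
        EnumWindows((hWnd, _) =>
        {
            var sb = new StringBuilder(256);
            GetWindowText(hWnd, sb, sb.Capacity);
            GetWindowThreadProcessId(hWnd, out uint pid);
            result.Add((hWnd, sb.ToString(), pid));
            return true; // keep enumerating
        }, IntPtr.Zero);
        return result;
    }

    // Lists the modules loaded in a process with the base address the loader actually placed
    // them at (BaseAddress), which is what "module+offset" must be computed from.
    public static void PrintModules(int pid)
    {
        using var proc = Process.GetProcessById(pid);
        foreach (ProcessModule m in proc.Modules)
            Console.WriteLine($"  {m.ModuleName,-28} base=0x{m.BaseAddress.ToInt64():X} size=0x{m.ModuleMemorySize:X}");
    }

    static void Main(string[] args)
    {
        // Assumption: the first argument is a substring of the window title to look for.
        string needle = args.Length > 0 ? args[0] : "game";
        foreach (var (hWnd, title, pid) in ListWindows())
        {
            if (title.IndexOf(needle, StringComparison.OrdinalIgnoreCase) < 0) continue;
            Console.WriteLine($"hwnd=0x{hWnd.ToInt64():X} pid={pid} title=\"{title}\"");
            try { PrintModules((int)pid); }
            catch (Exception e) { Console.WriteLine($"  cannot inspect modules: {e.Message}"); }
        }
    }
}
```

Two practical points: Process.Modules only works when the inspecting process has the same bitness as the target (a 64-bit inspector reading a 32-bit process, or the reverse, throws a Win32Exception, which the try/catch above reports rather than swallows), and a process without any top-level window will not appear in the window list at all, so an empty result does not mean the process is absent.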